Successful hack attacks often happen not because of tricky coding, but plain old "social engineering" -- ie, conning people. A Github researcher called "jansoucek" has discovered an iOS exploit that works on that principal to steal people's iCloud passwords. The latest version of iOS, 8.3, apparently fails to filter out potentially dangerous HTML code embedded in incoming emails. The researcher's proof-of-concept code takes advantage of that by calling up a remote HTML form that looks identical to the iCloud log-in window. It could easily trick someone into entering their iCloud username and password, then hide the dialog after the user clicks "OK."

http://www.engadget.com/2015/06/11/i...loud-password/