wraggster
June 11th, 2015, 20:38
http://o.aolcdn.com/hss/storage/midas/29257f883e5ecd4201527b92d2869c5e/202119297/icloud-exploit-2015-06-11-02.gif (http://www.engadget.com/2015/06/11/ios-flaw-icloud-password/)
Successful hack attacks often happen not because of tricky coding, but plain old "social engineering (http://www.engadget.com/2013/11/09/bitcoin-hijack-1-2-million/)" -- ie, conning people. A Github researcher called "jansoucek" has discovered an iOS exploit that works on that principal to steal people's iCloud passwords (http://www.engadget.com/2014/12/18/Elcomsoft-phone-breaker-icloud-two-step/). The latest version of iOS, 8.3, apparently fails to filter out potentially dangerous HTML code embedded in incoming emails. The researcher's proof-of-concept code takes advantage of that by calling up a remote HTML form that looks identical to the iCloud log-in window. It could easily trick someone into entering their iCloud username and password, then hide the dialog after the user clicks "OK."
http://www.engadget.com/2015/06/11/ios-flaw-icloud-password/
Successful hack attacks often happen not because of tricky coding, but plain old "social engineering (http://www.engadget.com/2013/11/09/bitcoin-hijack-1-2-million/)" -- ie, conning people. A Github researcher called "jansoucek" has discovered an iOS exploit that works on that principal to steal people's iCloud passwords (http://www.engadget.com/2014/12/18/Elcomsoft-phone-breaker-icloud-two-step/). The latest version of iOS, 8.3, apparently fails to filter out potentially dangerous HTML code embedded in incoming emails. The researcher's proof-of-concept code takes advantage of that by calling up a remote HTML form that looks identical to the iCloud log-in window. It could easily trick someone into entering their iCloud username and password, then hide the dialog after the user clicks "OK."
http://www.engadget.com/2015/06/11/ios-flaw-icloud-password/