A vulnerability in the Mail app on iOS will allow hackers to take over the password from iCloud
Makradar Technologies / / December 19, 2019
Security hole iOS Mail app will allow a remote attacker to transfer HTML and CSS-code on someone else's device when reading user-specific emails. One of the possible scenarios of exploitation of a vulnerability can be a demonstration of a false window enter the password, and then introduced a set of characters to be sent to the data base by hackers.
Security specialist Jan Soucek (Jan Soucek) for more than five months ago, found in the email application iOS 8.1 vulnerability that allows remote display any HTML and CSS-code when viewing emails from intruders.
Soucek has sent his report directly to Apple and all the while waiting for an answer or iOS update to fix the bug. Yesterday came out already fourth beta of iOS 8.4But it was never fixed a bug. Apparently, Soucek no longer want to wait for Apple reactions and posted detailed information about vulnerabilities in the network. Now anyone can use this data and make an attack on your e-mail address.
Soucek also demonstrated the vulnerability on video and showed what can be done with this bug. The easiest option - to forge a popup authorization window iCloud and take possession of someone else's password from the service. Yang also says that the possibility of hackers are not limited to hacking and can be done in any other way.
Apple reaction is not followed.
via