iOS weakness could let attackers trick you into giving away your passwords

iOS weakness could let attackers trick you into giving away your passwords
Apple's iCloud security has been under some scrutiny since the infamous nude photo leak that happened last year. Fact is, Internet hacks occur quite often, however, when a company keeps its products so tightly locked in its own ecosystem, and is always so vocal about keeping its customers' privacy, any sort of private information leak will spark more controversy than usual. So, even though it was reported that the “hackers” were actually just able to “guess” the victims' passwords (use complex passwords, folks!), the iCloud security has a stain on its uniform – one that'll take a while to wash off.

Well, now, another weakness threatens the name of Apple's security. A resourceful coder managed to find and exploit a chink in the iOS email app's armor – there is a way to trick it so that it stops ignoring HTML tags in emails. What this means is that the attacker can have a pop-up window, looking exactly like the one that iOS would draw, to come up and ask the user to log in to their iCloud again. Experienced users would definitely get a red light from such an occurrence, as an iCloud log-in is not something that you'd need to do midway through checking your email, but casual consumers would often no think twice about it.

It's safe to assume that Apple will be patching this up ASAP, but as of now – be careful when checking those emails, folks! In fact, it's a good idea to always stay vigilant for unusual password prompts, no matter the operating system you are using.


source: GitHub via Engadget

FEATURED VIDEO

14 Comments

1. Wiencon

Posts: 2278; Member since: Aug 06, 2014

I don't mind if more photos of some actresses leak

2. AnTuTu

Posts: 1621; Member since: Oct 14, 2012

It's not a bug but a feature of iOS. If you lose your account, you set it up wrong ~Apple

3. Ordinary

Posts: 2454; Member since: Apr 23, 2015

5. BobbyDigital

Posts: 2125; Member since: May 29, 2014

Lmao! +1 to you sir!

10. Mxyzptlk unregistered

For the clueless ones supporting this may I remind you that using a simple password or the same password is grounds for getting hack. The article even mention that it wasn't Apple fault for the leaks. But I don't expect some of you to be able to understand that.

12. xfire99

Posts: 1207; Member since: Mar 14, 2012

For the clueless you. Im sure others doesnt expect either, that u to be able to understand that most iOS users arent that smart. If they were, it would never happened and we thanks for that. #fappening :)

9. waddup121 unregistered

definitely!

4. rick_mobile

Posts: 359; Member since: Dec 13, 2010

This must be a lie, apple users don't pay so much just to get so many bugs, limited features and no real innovation. This is an android fan elaborated lie! #sarcasm *grabs m&m's*

6. BobbyDigital

Posts: 2125; Member since: May 29, 2014

Lmao!! And +1 to you as well sir!

11. Mxyzptlk unregistered

Lollipopgate

7. My1cent

Posts: 370; Member since: Jan 30, 2014

This (fake pop-up asking for a password) old trick's still working?

8. marorun

Posts: 5029; Member since: Mar 30, 2015

*So, even though it was reported that the “hackers” were actually just able to “guess” the victims' passwords * This was not the issue the issue was thats you could brute force it by trying 10000000 different password using a automated script and icloud would never block you for trying too many time.. Do you know how newbie this is? PA need to stop been sold to Cr4pple and Shamesung.

13. jroc74

Posts: 6023; Member since: Dec 30, 2010

"This was not the issue the issue was thats you could brute force it by trying 10000000 different password using a automated script and icloud would never block you for trying too many time." If this is the case....that really is a rookie mistake by Apple...

14. james2841

Posts: 167; Member since: Dec 10, 2014

the "hackers" just tried a list of 500 horrible passwords and then they uploaded it to 4chan and reddit where i downloaded the pictures from.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.