iOS weakness could let attackers trick you into giving away your passwords

Apple's iCloud security has been under some scrutiny since the infamous nude photo leak that happened last year. Fact is, Internet hacks occur quite often, however, when a company keeps its products so tightly locked in its own ecosystem, and is always so vocal about keeping its customers' privacy, any sort of private information leak will spark more controversy than usual. So, even though it was reported that the “hackers” were actually just able to “guess” the victims' passwords (use complex passwords, folks!), the iCloud security has a stain on its uniform – one that'll take a while to wash off.

Well, now, another weakness threatens the name of Apple's security. A resourceful coder managed to find and exploit a chink in the iOS email app's armor – there is a way to trick it so that it stops ignoring HTML tags in emails. What this means is that the attacker can have a pop-up window, looking exactly like the one that iOS would draw, to come up and ask the user to log in to their iCloud again. Experienced users would definitely get a red light from such an occurrence, as an iCloud log-in is not something that you'd need to do midway through checking your email, but casual consumers would often no think twice about it.

It's safe to assume that Apple will be patching this up ASAP, but as of now – be careful when checking those emails, folks! In fact, it's a good idea to always stay vigilant for unusual password prompts, no matter the operating system you are using.

source: GitHub via Engadget