Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

iOS Bug Could Lead to Stolen iCloud Passwords

A bug in iOS 8.3 prevents the Mail app from stripping risky code from email messages. In a proof-of-concept attack, security researchers inserted code into email messages that displayed a fake iCloud login prompt. While this hasn’t yet appeared in the wild, there’s an easy way to tell if an Apple login dialog is real: press the Home button. A real login dialog is modal, which means that pressing the Home button will do nothing until the dialog has been addressed.


Comments about iOS Bug Could Lead to Stolen iCloud Passwords

dbrugger  2015-06-12 05:47
What/where is the "Home" button on a computer?
Josh Centers  2015-06-12 10:37
The bug is in iOS, so there's no need to press your Mac's Home button. :-)
James Bailey  2015-06-17 17:19
You can also just turn off Load Remote Images in Settings app "Mail, Contacts, Calendars". The name seems to be a bit of a misnomer in that it disables all remote content including the website that is being loaded via the meta-refresh.

Turning off Load Remote Images has the additional privacy advantage that spammers and others can't use web-bug images to verify that your email account is real.
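
A mail gateway or filter can flag the markup discussed above (a meta-refresh tag and other active content that a mail client is expected to strip) before a message reaches the device. The following Python code is an added example, not code from the article, the researchers, or Apple; the tag list, the name `audit_email_html`, and the sample messages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Elements a mail renderer is normally expected to drop (assumed list for this example).
ACTIVE_TAGS = {"script", "form", "iframe", "object", "embed"}
# Pulls the target out of a refresh value such as "0; URL=https://host/".
REFRESH_URL = re.compile(r"^\s*[\d.]*\s*[;,]?\s*(?:url\s*=\s*)?['\"]?([^'\"]*)", re.I)


class ActiveContentAuditor(HTMLParser):
    """Collects (kind, detail) findings for markup that should not survive in an email body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            m = REFRESH_URL.match(a.get("content", ""))
            self.findings.append(("meta-refresh", m.group(1).strip() if m else ""))
        elif tag in ACTIVE_TAGS:
            self.findings.append((tag, a.get("src") or a.get("action") or ""))
        elif tag == "input" and a.get("type", "").strip().lower() == "password":
            self.findings.append(("password-input", a.get("name", "")))


def audit_email_html(html_body):
    """Return the list of findings for one HTML message body."""
    auditor = ActiveContentAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings


# Constructed sample bodies; example.invalid is a placeholder host.
SAMPLE_REFRESH = ('<html><head><META HTTP-EQUIV="Refresh" '
                  'content="0; URL=https://login.example.invalid/"></head>'
                  '<body>Hi</body></html>')
SAMPLE_PLAIN = '<p>Hello <b>world</b> <img src="cid:logo"></p>'

if __name__ == "__main__":
    for name, body in (("refresh", SAMPLE_REFRESH), ("plain", SAMPLE_PLAIN)):
        print(name, audit_email_html(body))
```

A message with any finding can be quarantined or have the offending elements removed before delivery, which does not depend on the recipient's Load Remote Images setting.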