Security researcher Jan Soucek has discovered a bug that would let hackers run a fake re-login prompt using an email sent to iOS Mail. Once opened, code in the email could imitate an iCloud login prompt and trick users into giving away their Apple ID user name and password.
Souceck says he found the bug in iOS 8.1.1 back in January and filed a bug report with Apple, but after not hearing back or seeing a fix after five months, he made the code public. Now that the code is available to anyone, users should be wary of login requests made by their iOS devices while iOS Mail is running.
Apple hasn’t commented on the issue. [via The Register]
.
