A malicious iOS bug is lurking around Apple Mail app that allows hackers to steal iCloud password of Apple users. The bug lets cyber thieves create fake Apple ID login to snatch credentials of iOS users.
According to a researcher who discovered the vulnerability “This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message”
The bug was spotted back in January by a researcher know as jansaucek he allegedly reported the glitch to Apple immediately but no fix has been released so far.
“It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.” Wrote jansaucek on github alongside a link for YouTube video that showcases the bug in action.
The above video demonstrates the bug very clearly so if your Apple device is running iOS version 8.1.2 or later chances are you might encounter the mail bug.
How to avoid it:
Although, Apple hasn’t released a fix for the bug yet awareness about the bug can prevent you from unknowingly giving away your iCloud password to hackers. Watch out for any malicious pop up on your iPhone and iPad.
If you see a mail login pop screen like the one shown in above video do not enter any personal information. Instead, press home button and the fake login screen will crash in the process. Check back for active application if the login screen was genuine it would be still exist.
This is the second malicious bug that has put iOS devices to risk in recent time. Apple was in the bad light for the message bug few weeks ago but the Cupertino giant was quick to announce a fix for that. Soon Apple is going to launch the iOS 8.4 that is expected to address a lot of bug issues. Hopefully, we may find a patch for the mail bug in the upcoming update.
