Tuesday, 9 June 2015

Vulnerability in iOS Mail App Lets Remote Attacker Load HTML

A researcher has disclosed a vulnerability in the iOS Mail app that allows an attacker to load external HTML into e-mail messages, which makes very convincing phishing attacks possible. The vulnerability was discovered in January this year by researcher Jan Soucek.

It turns out that the iOS mail client does not ignore a particular HTML tag in e-mail messages. As a result, HTML content can be loaded that replaces the contents of the original e-mail message. Soucek reported the problem to Apple in January, but because no fix has appeared yet, he has now decided to publish a proof-of-concept of his attack. With it, the e-mail can show the user a pop-up that looks like a legitimate logon window. In reality it is a malicious pop-up that, once filled in, sends the password to the attacker, as a demonstration video shows.
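A mail-gateway check for the behaviour described above, as an added example that is not part of the original post or of Soucek's proof-of-concept. The post does not name the tag; this example assumes it is the `<meta http-equiv="refresh">` redirect tag, and the sample message and its `example.invalid` addresses are constructed.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample: a multipart message whose HTML part carries a meta refresh.
SAMPLE = """\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Plain text body.
--b1
Content-Type: text/html; charset="utf-8"

<html><head>
<META HTTP-EQUIV="Refresh" CONTENT="0; url=https://example.invalid/page.html">
</head><body>Original message body.</body></html>
--b1--
"""

class MetaRefreshFinder(HTMLParser):
    """Collects the content attribute of every <meta http-equiv="refresh">."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            self.hits.append(a.get("content", "").strip())

def find_meta_refresh(raw_message):
    """Return (MIME part index, refresh content) for each hit in text/html parts."""
    findings = []
    msg = message_from_string(raw_message, policy=default)
    for index, part in enumerate(msg.walk()):
        if part.get_content_type() != "text/html":
            continue
        finder = MetaRefreshFinder()
        finder.feed(part.get_content())  # decoded body text of this part
        finder.close()
        findings.extend((index, hit) for hit in finder.hits)
    return findings

if __name__ == "__main__":
    print(find_meta_refresh(SAMPLE))
```

A gateway could quarantine or strip any HTML part for which this returns a finding, since a legitimate e-mail body has no reason to redirect the reader's view to remote content.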
