Hello Guest, welcome to torrentinvites.org - Your #1 source for Torrent Invites!
CLICK HERE to register for free and gain full access to TI.org!
Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!
1Likes
-
1
Post By CPU
-
Security Bug Leaves iCloud Passwords Vulnerable To Phishing
In a proof-of-concept attack, a researcher has shown how a security flaw within the iOS mail client can be easily exploited to trick Apple users into handing over their iCloud passwords.
The flaw, which can be found in the default email program in the latest version of iOS for iPhone or iPad, fails to strip out potentially malicious code such as the < meta http-equiv=refresh > HTML tag in email messages. This could allow a clever phisher to remotely load HTML, replacing the original content of the email.
The researcher who discovered the bug showed how it could be exploited by downloading a form from a remote server that looks exactly like a legit iCloud log-in prompt. If such an email was opened and a victim input his or her password, a hacker could easily steal the details.
Online
Security Bug Leaves iCloud Passwords Vulnerable To Phishing
Maddie Stone
15 June 2015 5:30 PM
Share 13 Discuss 3 Bookmark
Security Bug Leaves iCloud Passwords Vulnerable to Phishing
In a proof-of-concept attack, a researcher has shown how a security flaw within the iOS mail client can be easily exploited to trick Apple users into handing over their iCloud passwords.
The flaw, which can be found in the default email program in the latest version of iOS for iPhone or iPad, fails to strip out potentially malicious code such as the < meta http-equiv=refresh > HTML tag in email messages. This could allow a clever phisher to remotely load HTML, replacing the original content of the email.
The researcher who discovered the bug showed how it could be exploited by downloading a form from a remote server that looks exactly like a legit iCloud log-in prompt. If such an email was opened and a victim input his or her password, a hacker could easily steal the details.
Here’s a video demonstration:
Apple’s OS has a tendency to randomly display iCloud login prompts anyway, and the exploit can be programmed to ask for a password only once, so as not to arouse suspicion. So, it’s not terribly difficult to imagine a slew of unsuspecting Apple users getting caught in this sort of phishing scheme.
The security researcher says he first reported the flaw to Apple back in January. Six months and no sign of a fix later, he decided to publish his exploit online. The strategy seems to be paying off: several days ago, Apple officials told Ars Technica that the company is now working on a fix for an upcoming software update.
In the meanwhile, if you’re an Apple user who hasn’t activated two-step verification, this would be a great time to do so.
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules