iOS Mail Bug Could Be Used to Phish Passwords From Users
Posted June 10, 2015 at 4:02pm by iClarified
Jan Soucek has discovered a new bug in the iOS mail app that could load remote HTML code replacing the original content of the message.
Back in January 2015 I stumbled upon a bug in iOS's mail client, resulting in HTML tag in e-mail messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password "collector" using simple HTML and CSS.
The bug could be used to create fake iCloud-like login forms that would capture passwords and more --right within the iOS Mail app. Soucek says he notified Apple of this bug back in January 2015, but the company never issued a fix -- so he published a proof of concept to put pressure on Apple to fix the bug.
While Soucek uses an iCloud-login form to demonstrate the bug, almost any website could be imitated, making it possible to steal credit cards, passwords, social security numbers, and more.
No word on which iOS versions are impacted by the bug, but please by wary of any pop login forms that appear with the iOS Mail App.
Read More
Back in January 2015 I stumbled upon a bug in iOS's mail client, resulting in HTML tag in e-mail messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password "collector" using simple HTML and CSS.
The bug could be used to create fake iCloud-like login forms that would capture passwords and more --right within the iOS Mail app. Soucek says he notified Apple of this bug back in January 2015, but the company never issued a fix -- so he published a proof of concept to put pressure on Apple to fix the bug.
While Soucek uses an iCloud-login form to demonstrate the bug, almost any website could be imitated, making it possible to steal credit cards, passwords, social security numbers, and more.
No word on which iOS versions are impacted by the bug, but please by wary of any pop login forms that appear with the iOS Mail App.
Read More
![Apple Confirms Exclusive US F1 Coverage Starts March 7, Shares First Look at Interface [Video]](/images/news/99274/99274/99274-160.jpg "Apple Confirms Exclusive US F1 Coverage Starts March 7, Shares First Look at Interface [Video]")
![Apple Shares Official Trailer for 'Born to be Wild' Wildlife Series [Video]](/images/news/99271/99271/99271-160.jpg "Apple Shares Official Trailer for 'Born to be Wild' Wildlife Series [Video]")
![Apple Rocked by Executive Turmoil as Chip Chief Johny Srouji Considers Leaving [Report]](/images/news/99269/99269/99269-160.jpg "Apple Rocked by Executive Turmoil as Chip Chief Johny Srouji Considers Leaving [Report]")
![Apple, Google, Samsung Protest India's Mandatory Always-On Location Tracking Plan [Report]](/images/news/99266/99266/99266-160.jpg "Apple, Google, Samsung Protest India's Mandatory Always-On Location Tracking Plan [Report]")
![OpenAI Accelerates GPT-5.2 Launch to Next Week Amid 'Code Red' [Report]](/images/news/99261/99261/99261-160.jpg "OpenAI Accelerates GPT-5.2 Launch to Next Week Amid 'Code Red' [Report]")
![AirPods 4 With ANC Are Still On Sale for Just $99! [Lowest Price Ever]](/images/news/99264/99264/99264-160.jpg "AirPods 4 With ANC Are Still On Sale for Just $99! [Lowest Price Ever]")
![Final Cyber Monday Deals: M4 MacBook Air for $749, Beats, Sonos, and More [List]](/images/news/99203/99203/99203-160.jpg "Final Cyber Monday Deals: M4 MacBook Air for $749, Beats, Sonos, and More [List]")
![iPad mini 7 Falls to New All-Time Low of $349 [Cyber Monday 2025]](/images/news/99197/99197/99197-160.jpg "iPad mini 7 Falls to New All-Time Low of $349 [Cyber Monday 2025]")
![Apple Watch Series 11 Drops to New All-Time Low Price of $329 [Cyber Monday 2025]](/images/news/99195/99195/99195-160.jpg "Apple Watch Series 11 Drops to New All-Time Low Price of $329 [Cyber Monday 2025]")
