iOS flaw tricks you into giving up your iCloud password

Successful hack attacks often happen not because of tricky coding, but plain old “social engineering” — ie, conning people. The latest version of iOS, 8.3, apparently fails to filter out potentially dangerous HTML code embedded in incoming emails. The researcher’s proof-of-concept code takes advantage of that by calling up a remote HTML form that looks identical to the iCloud log-in window. It could easily trick someone into entering their iCloud username and password, then hide the dialog after the user clicks “OK.”

More from engadget.com by clicking here

This entry was posted in Cybersecurity Memo - Insiders Edition. Bookmark the permalink.