iOS flaw tricks you into giving up your iCloud password

-

Successful hack attacks often happen not because of tricky coding, but plain old "social engineering" -- ie, conning people. A Github researcher called "jansoucek" has discovered an iOS exploit that works on that principal to steal people's iCloud passwords. The latest version of iOS, 8.3, apparently fails to filter out potentially dangerous HTML code embedded in incoming emails. The researcher's proof-of-concept code takes advantage of that by calling up a remote HTML form that looks identical to the iCloud log-in window. It could easily trick someone into entering their iCloud username and password, then hide the dialog after the user clicks "OK."

More sophisticated folks might be suspicious, since there are differences between a real iCloud log-in and the fake one. For instance, predictive keyboard mode doesn't turn off like it normally would, and the fake dialogue can be dismissed by hitting "home," unlike the real McCoy. Still, if you weren't thinking for a second or didn't realize those things, a baddie could nab your password and seize control without you realizing a thing. (Two-step authentication would save your bacon, of course.) Jansoucek said that he first reported the bug in January, but it has yet to be fixed, hence his decision to publish the proof-of-concept. We've reached out to Apple for comment.

Engadget

Comments

Post a Comment

Popular posts from this blog

There is a SHOCKING new video making its way around the internet, which shows a mother and daughter starring in an adult video.

-
Image
But it’s not just ANY OLD video, it’s one entitled “GHETTO GAGGERS.” The daughter – actress Jasmine Rose – brought her mom on the set for “moral support.” But then the mom decided to get in on the shot. The mom was asked to “hold her daughter’s head steady,” while men SPIT in her face, called her names and then SKEET in her daughter’s face. See the video here
Read more

Denzel Washington launches campaign to play James Bond

-
Image
He’s played a mafia don in  American Gangster  and a dodgy police detective in Training Day  but now Denzel Washington wants to be one of the good guys. The Oscar-winning actor told Reddit users during an  Ask Me Anything session yesterday that he wanted to take on the  role of 007 . “The next James Bond? They better hurry up! Yes I would! Who's doing James Bond now..Daniel Craig! Did they shoot another one?” He even went so far as to launch a social media campaign, saying, “Everybody should tweet Denzel is James Bond! Send it to the studio! We start the Denzel is Bond campaign today!” Reddit users were quick to spread the word, with pm_me-please posting “I just tweeted #DenzelIsJamesBond everybody do it now!” British actor Craig  has been playing 007 since 2006 when he starred in a darker remake of  Casino Royale . His version of the spy marked a departure from the more cheesy action romps that the franchise was previously known for. Along with the Bond question, Washington was al
Read more