Apple’s iOS is widely recognised as one of the most secure mobile operating systems on the market today but is that really true? Well, maybe it is, but what I can tell you for sure is that nothing is unhackable in today’s world.
A security researcher claimed that it is now easier than ever to get hold of any iPhone or iPad user’s Apple ID account with a simple HTML injection. The security specialist claims to have built a tool that would allow just about anyone to make use of a well-known flaw in an Apple’s iOS Mail app and trick the user into giving his or her Apple ID credentials.
The tool mentioned above is said to create an HTML popup that mimics Apple’s own popup that asks you to re-enter your Apple ID credentials. As a regular iPhone user, you are likely to be so used to it that you won’t notice the difference and just type in your credentials as usual.
Once you tap OK on the popup, the credentials are sent to the hacker’s remote server. This likely puts everyone using an iPhone or iPad at risk, so do take care and remember that the Apple ID prompt appears only when you perform an action that requires your authorisation and not just out of the blue.
The issue is said to have been filed and acknowledged by Apple, but no fix has been released just yet. So how worried are you? Will you think twice before entering your Apple ID credentials?
Thank you BGR for providing us with this information
