The head of the company Ernst and Young Jean Soucek has created a tool that can generate phishing emails exploiting a bug in mail on iOS, Securitylab reports. According to him, the flaw affects millions of iPhone and iPad owners.
Created by Soucek set of tools in the form of a Mail file for iOS 8.3, uses a bug in the built-in email client operating system in order to realistically display a popup notification. The messages look like standard window to enter the settings for your Apple ID account.
“This vulnerability allows remote download to the target device, the HTML content, replacing the content of the original email message. In this case you cannot use JavaScript, but even without it is still possible to create programs, for example, intercepting passwords”, – said the expert.
The researcher also emphasized that the iOS developers have not responded to his messages, the first of which he sent back in January of this year.
Apple representatives have not commented on the situation.
