You may need to change the password of your iOS device as a security researcher reported that a flaw in Apple’s systems can let hackers send iCloud users phishing emails, making millions of accounts vulnerable.

Jan Soucek (@jansoucek), a white hat hacker or someone who uses his technical skills for good purposes not evil, developed an iOS8.3 mail.app popup, which resembles the sort of messages sent normally by Apple users when they are asked to submit their password. However, instead of offering the iCloud user access to the account the popup lets hackers gain control of the targeted computer, Soucek says.

Apple ID holders with two-step verification enabled may see a few more padlocks on their iCloud screens. Screenshot/Apple
Apple ID holders with two-step verification enabled may see a few more padlocks on their iCloud screens. Screenshot/Apple

The presence of any such security bug hasn’t been verified by Apple but the firm didn’t reply Soucek when he reported this issue.

Soucek attached a video footage about how the hack attack can be conducted and wrote on a GitHub page that:

“This bug allows remote HTML content to be loaded, replacing the content of the original email message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password ‘collector’ using simple HTML and CSS.”

Nonetheless, the iPhone/iPad maker is yet to confirm the vulnerability and also, none of the iCloud users have been affected by this bug. But, we can conclude this is may prove to be another headache for the iCloud that has already been exploited a lot previous year when hundreds of nude photos of celebrities got leaked.

Watch the video uploaded by hacker below:

sourceGutHub

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.