Those of you who have an iPhone or iPad can update them to the new iOS 11.3. The update comes with a few new features and more security improvements. But you will be just as vulnerable to attacks phishing, as before the update.
The upgrade brings a new privacy icon that helps users track when Apple requests more personal information. The update does not change how much data Apple collects, but it does indicate what data will be collected when Apple applications and features are first used.
The downside to iOS 11.3's new privacy app, however, is that it has nothing to do with preventing attacks Phishing trying to steal your iCloud password. Of course, Apple never promised that.
Although phishing attacks have been the weakest link in the device for years, attacks continue to be quite successful, something Apple does not seem to want to deal with.
Ο Felix Krause demonstrated, how easy it was to trick an iPhone or iPad user into obtaining Apple ID credentials.
In a PoC, said users are "trained to just enter" the address their email and password “whenever iOS asks”.
Any iPhone or iPad user can tell you that their phone or tablet randomly asks for the passcode access, but it is not clear why and when. This is the behavior that attackers exploit.
A publication he says the attack like the "hacker dream".
Even with two-factor authentication, users are not necessarily secure, Krause says. If someone wants to cause damage, all they need is an Apple ID email address and password to delete each device without warning.
Apple again in one publication reports that it is difficult for her to combat phishing – or social engineering, as often mentioned.
Others say it is not that difficult.
"We would like to see password requests appear as banner alerts," says Strafach.
"Using a notification and redirecting to Settings will completely resolve the issue."
It's a simple solution that's been suggested by Krause and others, but Apple does not seem to be doing anything.