Those of you who have an iPhone or iPad can update them to the new iOS 11.3. The update comes with a few new features and more security improvements. But you will be just as vulnerable to e-fishing attacks as before the update.
Η upgrade brings a new privacy icon that helps users identify when Apple is asking for more of their personal information. The update doesn't change how much data Apple collects, but it does show what data will be collected when Apple apps and features are first used.
The downside to iOS 11.3's new privacy app, however, is that it has nothing to do with preventing phishing attacks that try to steal your password on iCloud. Of course, Apple never promised anything like that.
Although phishing attacks have been the weakest link in the device for years, attacks continue to be quite successful, something Apple does not seem to want to deal with.
Ο Felix Krause demonstrated, how easy it was to trick an iPhone or iPad user into obtaining Apple ID credentials.
In a PoC, said users are "trained to simply enter" their email address and password "whenever iOS requests it".
Any iPhone or iPad user can tell you that their phone or tablet accidentally asks for the password, but it is not clear why and when. This is the behavior of the attackers.
A publication he says the attack like the "hacker dream".
Even with authentication two factors, users aren't necessarily safe, Krause says. If someone wants to wreak havoc, all they need is their Apple ID email address and password to wipe every device without warning.
Apple again in one publication reports that it's difficult for her to fight phishing - or social engineering, as is often said.
Others say it is not that difficult.
"We would like to see password requests appear as banner alerts," says Strafach.
"Using a notification and redirecting to Settings will completely resolve the issue."
It's a simple solution that's been suggested by Krause and others, but Apple does not seem to be doing anything.
