A vulnerability in the iOS e-mail client allows an attacker to send messages that can trick recipients into handing over their Apple credentials to malicious websites.
The vulnerability was reported to Apple on January 15, but Jan Soucek, the researcher who discovered it, says it has not been patched in any of the iOS versions released since version 8.1.2.
PoC was posted
The current stable release of Apple's mobile operating system, iOS, is version 8.3, while 8.4 is in beta and available only to registered developers.
For five months Apple has not taken any action to resolve the issue, so the researcher has decided to make his findings and a proof of concept (PoC) public, in the hope that this will force the company to speed up a fix.
Vulnerability
Soucek found that the HTML tag is not ignored by the Mail application, which allows the original content of an e-mail to be replaced with HTML loaded from a remote location under the attacker's control.
In the video he published to prove that the exploit works, he shows Apple's home page appearing through malicious messages.
An e-mail that forges the login page can be sent without displaying content from a different webpage by using the "http-equiv" feature, which provides flexibility and allows the fake login page to be placed in the correct box.
Soucek states that "vulnerabilities can be used for anything that requires HTML tags that are not supported by Mail.app."
One way to protect against such an attack is to enable two-factor authentication for your Apple ID.
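For defenders filtering inbound mail, the check below flags any HTML part that carries a meta tag with the "http-equiv" attribute mentioned above. It is an added example, not code from the researcher or from Apple; the sample message, its directive value, the `example.invalid` address and the function names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample message (not the published PoC); example.invalid is a placeholder.
SAMPLE_EML = """\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Plain-text part.
--b1
Content-Type: text/html; charset="utf-8"

<html><head><META HTTP-EQUIV="Refresh" content="0; url=https://example.invalid/form">
</head><body><p>Hello</p></body></html>
--b1--
"""


class MetaHttpEquivFinder(HTMLParser):
    """Collect (http-equiv, content) pairs from every <meta> tag."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before this call.
        a = dict(attrs)
        if tag == "meta" and "http-equiv" in a:
            self.hits.append(((a["http-equiv"] or "").lower(), a.get("content") or ""))


def find_http_equiv(raw_message):
    """Return http-equiv directives found in all text/html parts of a message."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", errors="replace")
        finder = MetaHttpEquivFinder()
        finder.feed(body)
        hits.extend(finder.hits)
    return hits

if __name__ == "__main__":
    print(find_http_equiv(SAMPLE_EML))
```

A gateway can quarantine messages for which the returned list is non-empty, or strip the tag before delivery.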