A vulnerability in the iOS e-mail client allows an attacker to send messages that can trick recipients into giving up their Apple credentials on malicious websites.
The vulnerability was reported to Apple on January 15, but Jan Soucek, the researcher who discovered it, reports that it has not been fixed in any of the iOS versions released since 8.1.2.
PoC was posted
Apple's mobile operating system, iOS, is currently at stable version 8.3, while 8.4 is in beta and available only to registered developers.
For five months Apple has not taken any action to resolve the issue, so the researcher decided to publish his findings and a proof of concept (PoC), in the hope that this will force the company to speed up the fix.
Vulnerability
Soucek found that the HTML tag is not ignored by the Mail application, which can be exploited to replace the original content of an e-mail message with HTML from a remote site under the attacker's control.
In the video he published to demonstrate the exploit's success, he shows Apple's home page appearing via a malicious message.
An e-mail that spoofs the login page can be sent without displaying content from a different web page by using the “http-equiv” feature, which provides flexibility and allows the fake login page to be placed in the correct context.
Soucek states that "vulnerabilities can be used for anything that requires HTML tags that are not supported by Mail.app."
One way to protect against such an attack is to enable two-factor authentication for your Apple ID.
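A gateway-side check for the behaviour described above, as an added example that is not part of the original article or of Soucek's PoC: it scans the HTML parts of a message for tags carrying an “http-equiv” attribute and reports any URL they reference. It assumes the tag is a `<meta>` element (the article names only “http-equiv”); the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Pulls the target out of a content value such as "0; url=https://..."
URL_RE = re.compile(r"url\s*=\s*['\"]?([^'\">\s;]+)", re.I)

class HttpEquivFinder(HTMLParser):
    """Collects (http-equiv, content) for each <meta http-equiv=...> (assumed tag)."""
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # the parser lowercases tag and attribute names
        if tag == "meta" and "http-equiv" in a:
            self.hits.append((a["http-equiv"].strip().lower(), a.get("content", "")))

def scan_message(raw):
    """Return one finding per http-equiv tag found in the text/html parts."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue  # multipart containers and plain-text parts are skipped
        finder = HttpEquivFinder()
        finder.feed(part.get_content())
        for equiv, content in finder.hits:
            m = URL_RE.search(content)
            findings.append({"http_equiv": equiv, "url": m.group(1) if m else None})
    return findings

# Constructed sample messages (not real traffic).
HEADERS = "From: a@example.test\nTo: b@example.test\nSubject: sample\nMIME-Version: 1.0\n"
SUSPICIOUS = HEADERS + '''Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Plain body.
--b1
Content-Type: text/html; charset="utf-8"

<html><head><META HTTP-EQUIV="Refresh" content="0; URL=https://remote.example.test/body.html">
</head><body>Original body.</body></html>
--b1--
'''
BENIGN = HEADERS + 'Content-Type: text/html; charset="utf-8"\n\n<p>The http-equiv feature.</p>\n'

if __name__ == "__main__":
    print(scan_message(SUSPICIOUS), scan_message(BENIGN))
```

A finding with a non-empty `url` is the case worth quarantining or rewriting, since it points the message body at remote content.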