Apple Mail flaw could pose risk to iCloud passwords
A security researcher says a vulnerability in Apple’s mobile email application could be used to trick someone into divulging their iCloud password.
Prague-based Jan Soucek published proof-of-concept code that shows how he could send an email to someone with HTML code that resembles the iCloud login pop-up window. Soucek then receives an email containing the password.
The vulnerability allows remote HTML content to be loaded in an email, which replaces the content of the email message. Soucek wrote he then built a functional password collector using HTML and CSS. He also published a demonstration video.