A researcher has found a bug in the Mail client on iOS that leaves users vulnerable to hackers. Jan Soucek, a Prague-based researcher, spotted the bug in January.
However, after the software giant Apple failed to fix the flaw, he published the 'proof-of-concept' code in an attempt to bring it to the company's attention.
The bug enables remote HTML content to be loaded in place of the original e-mail content. Hackers can create fake login screens, pop-ups and tools using a simple computer language. The bug exists because the iOS Mail app fails to ignore dangerous HTML code in e-mail messages, leaving it exposed.
A proof-of-concept attack carried out by the researcher shows an email that, once opened, displays a login screen that looks identical to that of the iCloud service. Most users then enter their iCloud username and password, handing them over to the hackers.
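A mail gateway or triage script can flag this kind of message before it reaches a client. The following is an added example, not the researcher's proof-of-concept or Apple's fix; the set of flagged tags, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser


class MailHtmlAudit(HTMLParser):
    """Collects markup in an e-mail body that a mail client should not act on."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        # Assumed rule set: tags that pull in a remote document or ask for credentials.
        if tag == "meta" and a.get("http-equiv") == "refresh":
            self.findings.append("meta-refresh")
        elif tag in ("iframe", "object", "embed"):
            self.findings.append("embedded-" + tag)
        elif tag == "form":
            self.findings.append("form")
        elif tag == "input" and a.get("type") == "password":
            self.findings.append("password-field")


def audit_message(raw):
    """Return the sorted findings for every text/html part of a raw message."""
    msg = message_from_string(raw, policy=default)
    findings = set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = MailHtmlAudit()
            parser.feed(part.get_content())
            parser.close()
            findings.update(parser.findings)
    return sorted(findings)


# Constructed sample messages (hypothetical addresses and hosts).
HEADERS = ("From: sender@example.com\nTo: user@example.com\nSubject: Notice\n"
           "MIME-Version: 1.0\nContent-Type: text/html; charset=\"utf-8\"\n\n")
SUSPICIOUS = HEADERS + ('<html><body><form action="https://login.example.net/s">'
                        '<input type="text" name="user">'
                        '<input type="password" name="pw"></form></body></html>\n')
BENIGN = HEADERS + '<html><body><p>Minutes attached. <a href="https://example.com">Agenda</a></p></body></html>\n'

if __name__ == "__main__":
    print(audit_message(SUSPICIOUS))
    print(audit_message(BENIGN))
```

A message that returns any finding is a candidate for quarantine or for delivery as plain text only.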
In the video, the researcher shows how the Mail client can be exploited on an iPhone as well as an iPad. Users should be wary of pop-up login screens that come up randomly while using an iPhone or iPad. They can clear the fake login screen by pressing the home button.
A spokesman for Apple said that they are not aware of any consumer affected by this proof of concept; however, they are working on a fix for a forthcoming software update, according to PC Mag.
The company has released iOS 8.4 beta versions, which are suspected to include a fix, to testers and developers, and a complete update is expected pretty soon.
Apple added two-factor authentication to the service to make it safer and more secure after the iCloud hack in 2014. The company has recommended that users activate two-factor authentication, Ars Technica reported.