Your IT Consultant

Huge iPhone Security Flaw Pwns Your Password

June 11, 2015

I don’t understand why Apple is so slow to issue updates to fix security vulnerabilities in its products. In contrast, Apple was fast to fix iCloud after exposure of all the nude selfies. Oh yeah, that’s right, it wasn’t a security problem. Apparently, being able to brute force thousands of login attempts without locking out the ID isn’t a security issue. As The Register reports, we now know of a new bug in iOS that allows for the easy theft of your iCloud password.

A security researcher for Ernst and Young notified Apple in January that there is a problem in the iOS Mail app that automatically loads HTML content. The researcher, Jan Soucek, identified a bug that allows remote HTML content to be loaded, replacing the original e-mail message contents. This means that you can send a message that pops up a dialog box prompting for the user’s password. He’s even created a video that demonstrates the flaw. So far, nothing from Apple except a generic response stating that the company doesn’t discuss the security of its products. I get that. Don’t discuss it, just fix it.

E-mail:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com