A serious vulnerability to steal iCloud's password from the iPhone / iPad is found, Apple seems to have left vulnerability for about half a year



"IOS 8" installed on iPhone and iPad is preinstalled as standard application "mail". A serious bug was found in this mail application, and the possibility that the iCloud password leaks out emerged when it was abused.

Jansoucek / iOS-Mail.app-inject-kit · GitHub
https://github.com/jansoucek/iOS-Mail.app-inject-kit

Security researcher Jan Soucek, who found the bug, reported details of the bug to Apple in January 2015, but since the bug was not fixed in iOS 8.1.2, which was released after that, and the next update , The code for verification (Proof-of-Concept) is released. In addition, I have released a movie containing a code to actually extract iCloud's password from iOS.

Proof-of-concept: iOS 8.3 Mail.app attack - YouTube


Receive new mail on iPad.


When you open the received mail, the iCloud login screen will appear before checking the text.


Enter the password and tap "OK" ......


Without logging into iCloud, I received a mail saying "Password Thank you!" The iCloud password has leaked to the sender of the mail.


This time it is verified with iPhone. Expanding mails received as well as iPad.


When the iCloud login screen is displayed and you try to login by entering the password ......


Although the browser starts for a moment ... ...


Even then I received a mail saying "Thank you for your password!"


According to the movie, using the vulnerability discovered by Mr. Soucek, it is possible to forge and display "iCloud login screen". If you enter the password on the forged login screen and send it, the password will leak to the sender.

Mr. Soucek reported vulnerabilities to Apple in January and also released vulnerabilities on Twitter.

However, as mentioned earlier, since the vulnerability was not corrected in subsequent updates, Mr. Soucek is working on Github to release the verification code. By using Mr. Soucek's public verification code, you will be able to send mail that can collect passwords. Care must be taken not to enter a password absolutely even if an iOS user receives an email requesting the password input of iCloud.

Security company'sErrata Security"The vulnerability discovered this time is quite serious," said Rob Graham, CEOArs TechnicaHe said that he actually received an e-mail to exploit this vulnerability to extract his password on June 10.

Regarding this case, Apple commented, "Users actually attacked have not been found so far, but we are doing our utmost to fix the current bug so we can fix it with the next update."

in Mobile,   Software, Posted by darkhorse_log