Authored by a Symantec employee
Researchers discovered a new vulnerability in Apple’s mobile iOS platform that has the potential to trick users into divulging their passwords to scammers. A bug lurking in Apple’s iOS mail app on both iPhone and iPad, involved in handling HTML code will allow scammers to send a phishing email that will prompt a popup dialogue box asking for the user’s iCloud password. This popup mimics the iCloud login window, prompting users to re-enter their password. An easy way to spot the fake is that the login window can be cleared by pressing the home button, whereas the legitimate iOS popups won’t clear unless the user presses cancel.
While this has been discovered by researchers and has not been exploited in the wild yet, it is still a good idea to proactively protect yourself. Since word of the vulnerability is out, attackers may rush to exploit it before Apple releases a patch.
Although this is not a bug that can be caught by Internet security software, you can still stay safe. For the most protection, you should set up two-factor authentication on your iCloud account. In addition to two-factor authentication, always be on the lookout for phishing emails, and remember to be especially cautious when opening emails from unknown senders on an iOS device.
Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.