Researchers discovered a new vulnerability in Apple’s mobile iOS platform that has the potential to trick users into divulging their passwords to scammers. A bug lurking in Apple’s iOS mail app on both iPhone and iPad, involved in handling HTML code will allow scammers to send a phishing email that will prompt a popup dialogue box asking for the user’s iCloud password. This popup mimics the iCloud login window, prompting users to re-enter their password. An easy way to spot the fake is that the login window can be cleared by pressing the home button, whereas the legitimate iOS popups won’t clear unless the user presses cancel.
While this has been discovered by researchers and has not been exploited in the wild yet, it is still a good idea to proactively protect yourself. Since word of the vulnerability is out, attackers may rush to exploit it before Apple releases a patch.
Although this is not a bug that can be caught by Internet security software, you can still stay safe. For the most protection, you should set up two-factor authentication on your iCloud account. In addition to two-factor authentication, always be on the lookout for phishing emails, and remember to be especially cautious when opening emails from unknown senders on an iOS device.