Flawed Apple’s Mobile Email Application Raises Privacy Concerns

The apple users have genuine reasons to worry as a recent report by a security researcher has unveiled the mischievous act of hackers who trick users to disclose their iCloud password. Jan Soucek has asserted that the flawed mobile email application of Apple is posing risks to privacy.

Jan Soucek explained that this bug allows remote HTML content to be loaded, replacing the content of the original email message. This email with HTML code, resembling the iCloud login pop-up window is then sent to the user.

As soon as the user logs in, the hacker receives an email containing the password. Thus, with the iCloud credentials, the intruder can download the entire contents of an account to a new device depending on what a person has chosen to store on iCloud.

Soucek has published a proof-of-concept code and a demonstration video to comprehensively explain the bug. Soucek informed that he had found the bug in January and had notified Apple which failed to fix the bug in iOS 8.1.2. Soucek adds that therefore he decided to publish the proof of concept code.

Soucek stated," Back in January 2015 I stumbled upon a bug in iOS's mail client, resulting in HTML tags in email messages not being ignored. It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2".

Apple officials did not immediately comment. However, it is known that Apple did make efforts to strengthen the security of iCloud accounts after certain celebrity accounts were hacked last year.