The vulnerability exists for quite a long time and Apple has not taken any action to address it.
Developed by Felix Krause (Felix Krause) has demonstrated a new way to steal data iOS users via phishing. Thus attackers can steal the password from Apple ID and get access to the account he wrote in his blog.
Krause explained that the application developers can forge a special window that typically appears on iOS if necessary, enter the password. It appears while making purchases on the device or in obtaining access to iCloud and Game Center.
Due to the fact that the system field to enter information you may receive including inside apps, attackers using it to steal data. Besides, in Apple’s documentation presents examples of such Windows that allows virtually any developer to copy and implement in your own application.
“I decided not to open the source pop-up notifications, however, note that this is less than 30 lines of code, any iOS developer can easily create your own phishing window,” notes Krause.
For the average user, this window looks exactly the same as the system window. Krause notes that it can be distinguished only by minor details like use other type of quotes.
As a precaution he proposes to exit the application as soon as a requirement to enter the password of the account. If with it will close and the warning that it was a fake window, and if I stay it system. We also recommend that users enable two-factor authentication. In this case, even if the wrong people get your password, they will not be able to access the account.
Krause added that the vulnerability exists for quite a long time and Apple has not taken any action to address it. As a solution he proposes to mark notifications from apps that the user could distinguish phishing password window.
© 2017, z-news.link. All rights reserved.