iOS discovered big BUG, ​​user iCloud password might leak * Source: arstechnica, TECH2IPO / Transcend editor released after a security researcher recently published a attack code. He said hackers can easily steal this code to use the latest version of the iOS system users iCloud account password. The code has been validated, it takes advantage of the native iOS email application Mail vulnerabilities. Since April this year released iOS 8.3, Mail application has been not properly shielded HTML code for a new mail message containing potentially dangerous. Was released attack code that exploit this vulnerability: it can download a copy of the original iCloud login prompt looks exactly the same form from a remote server. Each time a user opens the possession Air Jordan 1 trap information counterfeit iCloud login screen will appear. GitHub user jansoucek in a readme file Air Jordan 10 said: 'The remote HTML content can use this bug to load, and then replace the original e-mail message.' We can not use JavaScript in this UIWebView in, but hackers can still use simple HTML and CSS establish a working password 'collectors.' To prevent users from doubt, hackers can be programmed for this vulnerability. In this way they can make the password prompt screen appears only once, rather than each time a user browse a malicious message appeared. To mimic Apple originally used to authenticate the user's login prompt interface, this attack code used an auto-focus function when the user clicks 'OK' button after Hide conversation area. As long as the user receives a message this HTML code tags contain 'refresh meta http-equiv =', the hacker can use networked computers to create a counterfeit remote login prompt. Next, the malicious hackers embed images in a message in Mail application's built-in browser to trick the user to enter their password. In addition to steal passwords addition, hackers can also exploit this Nike Heels Boots vulnerability to send '' beacon. So he knows what the sender recipient has read the malicious e-mail, when reading a malicious e-mail, from any web browser malicious e-mail address. Rob \u0026 middot; Graham (Rob Graham) is a company Errata Security CEO, has been using IPhone. He believes that this vulnerability is very serious, because many times the normal iOS system will display the password login screen, which increases the chances of victims Nike Shoes of the user. In his view, the user experiences requires a password prompt screen when the best way is to click Cancel and not enter any login information. Most of the time, users will not bring cancel password after what serious consequences, worst case is, once again prompted the system asks the user to enter a password. If you really need to enter a password, then Kids Shoes they should make sure that this time he did not open any e-mail. IOS users will be more experienced using other methods to prevent risks: encountered password login prompt, the user can click on the Home button. iOS system login prompt belong 'modality mode', which means that users can click OK or Cancel button, you can not carry out other operations. Fake login prompt interface is not the Air Jordan 7 Retro case, the user clicks the Home button will return to the main screen. The researchers found that the vulnerability, said he in January Air Jordan Women to submit the vulnerability to Apple, but the company has not repair it. Apple said in a e-mailed statement, said: 'To our knowledge, there is no user affected by this vulnerability we are trying to fix, will solve this problem in the upcoming iOS system updates..' In addition, the company is also strongly recommended to use the two-factor authentication.