Jan Soucek has discovered a new bug in the iOS mail app that could load remote HTML code replacing the original content of the message. Back in January 2015 I stumbled upon a bug in iOS’s mail client, resulting in HTML tag in e-mail messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password “collector” using simple HTML and CSS.The bug could be used to create fake iCloud-like login forms that would capture passwords and more –right within the iOS Mail app. Soucek says he notified Apple of this bug back in January 2015, but the company never issued a fix — so he published a proof of concept to put pressure on Apple to fix the bug.Share Article:Facebook,   Twitter,   LinkedIn,   Google Plus,   Email,   Reddit,   Digg,   Delicious,   StumbleUponFollow iClarified:Facebook,   Twitter,   LinkedIn,   Google Plus,   Newsletter,   App Store,   YouTubeAdvertise Here

Source: iClarified Read More: iOS Mail Bug Could Be Used to Phish Passwords From Users