When the iOS 8.4 update finally sees a release date it will likely fix a vulnerability with Apple’s Mail app, which would allow a hacker to steal your iCloud password. This version of Apple’s iPad and iPhone operating system is currently at beta 4, so the public version of iOS 8.4 should be releasing very soon to the delight of Apple device users.
There’s reports that the current iOS 8.3 version has a flaw that could allow deadly HTML code to land in your inbox, according to one researcher. This Apple Mail app bug could allow a hacker to obtain your iCloud passwords and proof has been offered within a video, which landed on YouTube in January 2015.
It’s true that the proof-of-concept video starts with a HTML injection exploit for Mail.app running on the older 8.1.2 version, although the demo has been updated to prove it works as an iOS 8.3 Mail.app attack.
This results in a login screen being opened that looks just like the official iCloud service, but this would fool some people to put their passcode in and hand it to hackers using remote HTML content. It’s been a number of months since this exploit was reported to Apple, but the hole hasn’t been patched by any public iOS 8 updates to date.
Now that the bug has gone public and is being picked up by a number of blogs, news outlets, and of course Product Reviews, we expect Apple will fix this problem within iOS 8.4 and of course iOS 9. See the video below, which demos how the exploit is performed.