Despite Apple's efforts to prevent it, the iOS operating system remains vulnerable to attack. And we are not talking about the failure that allows you to restart the iPhone with an SMS message, but we are facing a much more serious threat: the theft of iCloud passwords. It turns out that a developer has published a video in which he shows an iOS security flaw that allows the iCloud password to be stolen from any iPhone or iPad and, unless the affected user knows the security measures that we are going to mention in this article, you are very likely to fall into the trap.
But first, let's identify this security flaw. Without going into technical details, we are facing a security flaw that allows you to send emails impersonating Apple and, at the same time, incorporating a pop-up window in which the user is requested to enter their email and iCloud password. The emails look completely normal, and the level of detail of this threat is such that any user without technical knowledge could be perfectly embroiled in the trap.
In fact, in the video echoed by the American website ArsTechnica we can see how easy it is to carry out an attack of this type (and how real the appearance of the email that the affected users receive is). As you can see in the video, the threat is present even in the version of iOS 8.3 of the operating system iOS.
9wiMG-oqKf0
But, for the peace of mind of Apple users, there are certain clues that can allow us to quickly detect this fake email. To begin with, it is practically impossible for Apple to ask us to enter our iCloud password from an email, and less if it asks us to do so in a pop-up window. Also, if we look at the small details, we will see that the pop-up window of this fake email scrolls up when the virtual keyboard is opened, which in itself should already alert us before entering any password.
And, while it is true that Apple still has pending matters when it comes to the security of their mobile devices, common sense is the best protection that iPhone or iPad owners have. Keeping an iPhone or iPad safe is not complicated at all, and we can protect our device against any threat by following three simple steps. In the case of this specific security breach, simply by having the two-step verification activated we prevent our password from passing into the hands of others.
