IOS 11.0.3 is out, go download it now

Proof-of-concept demonstrates how easy it is to fool Apple users with a simple popup

Developer Discovers iOS Flaw that Tricks Users to Give Away Apple ID Password

Today, iOS 11.0.3 was released, apparently for the sole objective of exterminating a couple of bugs that were affecting users of the Apple iPhone 6s, the Apple iPhone 7 and Apple iPhone 7 Plus. As you can see in the screenshot above, this comes in the form of a password request that looks pretty much identical to the one that Apple uses themselves. He noted that any developer with malicious intent can incorporate a dialog box that mimics iOS' password prompt.

You can protect yourself from the fake pop-up scam by never inputting passwords into an Apple pop-up. It's absolutely vital that you do that before going ahead with the tutorial.

In researching the attack Krause found that users aren't always shown their email address when they are prompted for their password, which further lowers the bar for an attacker as they do not have to present the user's email in order to obtain their password.

The vulnerability, which could potentially allow criminals to gain access to an iPhone owner's Apple account, was demonstrated by mobile app developer Felix Krause in a blogpost Tuesday.

Mr Krause said malicious developers can turn on alerts inside their apps that look nearly identical to Apple's pop-ups using a simple bit of code.

Glencore PLC (GLEN) Given a GBX 380 Price Target at UBS AG
The shares were purchased at an average cost of GBX 352 ($4.63) per share, for a total transaction of £457.60 ($601.63). III also sold $70,752 worth of Smith & Nephew plc (LON:SN) shares. 44 funds opened positions while 77 raised stakes.

"As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so".

"This could easily be abused by any app..."

Hackers who access your Apple ID password could make fraudulent purchases and potentially steal your payment information.

Instead, Mr Krause said, you should go into your iPhone's settings menu and enter it there to confirm it's a real request from Apple. That being said, it should be pointed out that this phishing method isn't exactly new and that Apple usually checks apps for this before being accepted to the App Store.

Latest News