







Soucek reported the issue to Apple's team in January, but he did not get any response. Apple's security team has also not yet confirmed the security bug.





Soucek says:

"This bug allows remote HTML content to be loaded, replacing the content of the original email message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password 'collector' using simple HTML and CSS."

A security researcher claims to have developed a way to send iCloud users fake phishing emails that, by exploiting a security bug in Apple's mobile operating system, could make millions of customer passwords vulnerable.

Researcher Jan Soucek has built an iOS 8.3 Mail.app inject kit which exploits a bug in the Apple mobile operating system's native email client to produce a realistic pop-up that looks just like the kind of messages Apple users normally see when they're asked to enter their password.

Apple's team has not commented on this report, but this issue once again shows how easily scammers and hackers can carry out phishing attacks against Apple's users.

Soucek has published his tools on GitHub and says it is a better phishing tool than using a form directly within an HTML email because it targets only users of the iOS app and allows changes to be made to already live phishing campaigns.

You can also check the PoC demonstration of the Mail.app in a video.

Last time, an iCloud hack made headlines in several media outlets, when thousands of celebrities' private photos were leaked under a campaign called "