Beware Of This Scary New iOS Bug

Photo: Courtesy YouTube.
If you get an odd pop-up on your iPhone or iPad asking you to enter your iCloud information, beware: It might be a scam to steal your log-in credentials.

Specifically, this is a potential problem in the iOS Mail app. A flaw in iOS 8.3 makes it so a hacker could fake a form that looks exactly like the iCloud log-in prompt, so he or she could gain access to your account. It would pop up when you open a compromised email (either once, or every time you open that email).

Since it's not unusual for your iPhone to prompt you for your log-in information at seemingly random times, this particular bug is pretty serious. Just remember: Don't enter your Apple username and password if that prompt pops up while you've got an email open.

If you do encounter a prompt like this, Errata Security CEO Rob Graham told Ars Technica that the best thing users can do is tap the "cancel" button without entering any log-in credentials — the worst that will happen, in that case, is you'll get prompted to enter the info a second time. But, there's also a way to check whether a log-in box is real or fake: Hit the "home" button. If it's a real system prompt, pressing the "home" button won't do anything. If it's fake, tapping that button will send you back to your iPhone home screen (which is good, because you wanted to get the hell away from that email anyway).

This type of attack, where a trustworthy-looking email or log-in field is actually faked by a malicious third party, is known as "phishing." It's one of the most common techniques hackers use to gain access to an unsuspecting user's account, which they can then take control of to use as a spam bot, to obliterate your digital life, or to use your credit card info to make fraudulent purchases.

If you get an email like this, be sure to report it for phishing so Apple can block it from being sent to others. You're now armed with the knowledge necessary to not get duped, but the next recipient might not be so lucky.

Update: An Apple spokesperson says, “We are not aware of any customers affected by this proof of concept, but are working on a fix for an upcoming software update.”

More from Tech


R29 Original Series