
Beware of iCloud login prompts: A new security flaw lets hackers steal your info

Apple’s mobile operating system iOS has a reputation for being more secure than Android, but recently, it seems that more hackers are targeting iPhone and iPad users. A GitHub user by the name of Jansoucek discovered yet another iOS vulnerability back in January and reported it to Apple. The friendly hacker demonstrated how attack code can be used in the Mail app to steal users’ iCloud logins and other sensitive information.

Apparently, ever since Apple released iOS 8.3 in early April, the Mail app has stopped removing potentially dangerous HTML code from the emails users receive. One tag instructs the Mail app to download and execute code remotely. The command then brings up a form box, which mimics the appearance of an iCloud login request box. If the user logs in, the hacker can then steal his or her iCloud account user name and password. With these two pieces of information, the hacker can steal other personal information stored in iCloud.

Proof-of-concept: iOS 8.3 Mail.app attack

“This bug allows remote HTML content to be loaded, replacing the content of the original email message,” Jansoucek wrote. “JavaScript is disabled in this UIWebView, but it is still possible to build a functional password ‘collector’ using simple HTML and CSS [cascading style sheets].”
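A mail gateway or client-side filter can look for the kind of markup described above before a message is rendered. The following is an added example, not code from the article or from the researcher; the set of tags checked, the finding names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser

# Assumption: tags treated here as able to load or replace content remotely.
REMOTE_TAGS = {"iframe", "object", "embed", "base"}

class MailHtmlAuditor(HTMLParser):
    """Records markup a mail client should strip before rendering."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "meta" and a.get("http-equiv") == "refresh":
            self.findings.add("meta-refresh")
        elif tag in REMOTE_TAGS:
            self.findings.add("remote-tag:" + tag)
        elif tag == "form":
            self.findings.add("form")
        elif tag == "input" and a.get("type") == "password":
            self.findings.add("password-input")

def audit_message(raw):
    """Return sorted findings for every text/html part of a raw message."""
    auditor = MailHtmlAuditor()
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        try:
            text = body.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the header
            text = body.decode("utf-8", "replace")
        auditor.feed(text)
    auditor.close()
    return sorted(auditor.findings)

# Constructed sample messages (not taken from the article).
HEADERS = "From: a@example.invalid\nMIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
SUSPICIOUS = HEADERS + (
    '<meta http-equiv="refresh" content="0; url=https://example.invalid/x">'
    '<form action="https://example.invalid/c"><input type="password"></form>'
)
BENIGN = HEADERS + "<p>Quarterly report attached.</p>"

if __name__ == "__main__":
    print(audit_message(SUSPICIOUS))  # ['form', 'meta-refresh', 'password-input']
    print(audit_message(BENIGN))      # []
```

A message that produces any finding is a candidate for quarantine or for rendering as plain text only.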

To make matters worse, the vulnerability places a tracking cookie in the Mail app, so that the code doesn’t execute the same command every time the infected email is opened in the app. That way, the user doesn’t get suspicious of the message or notice the link between that specific email and the iCloud login prompt. Additionally, the hacker can change the code at any time to access different information.

Luckily, there is a trick iOS users can employ to protect themselves from the hack. Although the malicious code does a pretty good imitation of the iCloud login box, it isn’t perfect. First off, the box asks for both your Apple ID and your password, while iCloud typically asks for only your password and already displays your user name. Secondly, the box isn’t modal, so the background doesn’t fade and the screen isn’t static when the prompt comes up. Additionally, keyboard suggestions remain activated, which is something that never happens when you receive an iCloud prompt on iOS.

Of course, these differences are subtle, and many won’t notice them. Apple has yet to respond, but hopefully the patch will come soon. Until then, the next time you see an iCloud login request, check for these telltale signs to ensure that you’re not being hacked.

Malarie Gokey
Former Digital Trends Contributor