If you’re an iOS user who relies on the default Mail app to check your mail, you might want to take extra precaution. It has recently been discovered by security research Jan Soucek (via 9to5Mac) that there exists a bug in the app that could allow a hacker to launch a phishing attack on you through your iOS device.
According to Soucek, the bug allows an attack to run a remote piece of HTML code when an email is open. That code could be used to simulate a prompt asking you to log into your iCloud account. However given that this is a phishing attack, entering your credentials would basically give it to the hacker which they could then use to steal your personal information or make purchases using your credit card.
However Soucek points out that the iCloud login prompt is only an example of what a hacker could do should the bug be exploited. It could be used to prompt banking information, your phone number, and other details you might not have chosen to share publicly, and so on. That being said, Soucek also stated that this bug was first detected and filed with Apple back in iOS 8.1.1 in January.
It seems that even until now, Apple has yet to address the issue which is why Soucek has decided to go forward publicly with it. The downside is that hackers who weren’t aware of the bug are now aware of it, but hopefully now that you know about it, you’ll be much more wary the next time you get a login prompt while using the Mail app.