10-06-2015, 07:41
<kilde> Skrev:Back in January 2015 I stumbled upon a bug in iOS's mail client, resulting in <meta http-equiv=refresh> HTML tag in e-mail messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password "collector" using simple HTML and CSS.https://github.com/jansoucek/iOS-Mail.ap...ree/master
It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.
Demo: https://www.youtube.com/watch?v=9wiMG-oqKf0
Nogen der har prøvet at lege med det?