Tråd bedømmelse:
  • 0 Stemmer - 0 Gennemsnit
  • 1
  • 2
  • 3
  • 4
  • 5
Github - iOS 8.3 Mail.app attack
10-06-2015, 07:41
#1
Github - iOS 8.3 Mail.app attack


<kilde> Skrev:Back in January 2015 I stumbled upon a bug in iOS's mail client, resulting in <meta http-equiv=refresh> HTML tag in e-mail messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password "collector" using simple HTML and CSS.

It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.

Demo: https://www.youtube.com/watch?v=9wiMG-oqKf0
https://github.com/jansoucek/iOS-Mail.ap...ree/master

Nogen der har prøvet at lege med det?
Don't learn to hack, hack to learn
Find alle beskeder fra denne bruger
Citer denne besked i et svar
10-06-2015, 14:42
#2
RE: Github - iOS 8.3 Mail.app attack
Morsomt :) Nej jeg havde egentlig ikke hørt om det.
Mangler du hjælp?
Regler |  E-mail (PGP)
Besøg denne brugers hjemmeside Find alle beskeder fra denne bruger
Citer denne besked i et svar
« Ældre | Nyere »




User(s) browsing this thread: 1 Gæst(er)