A new bug in Apple’s iOS mobile operating system has the potential to collect the passwords of users with a single malicious email.
The Register reports that security researcher Jan Souček discovered that Apple ignores a key line of code in incoming emails: <meta http-equiv=refresh>
What that code means is that emails opened on an iPhone, iPad or iPod can be used by hackers to load any HTML content inside an email.
The flaw lets hackers send an email that looks like it’s from a real company, but is actually used to steal your password through a fake form that looks legitimate.
Here’s a video explaining the flaw:
Souček says that Apple knew about the flaw since January, when he filed a bug report with the company. But so far the flaw hasn’t been fixed.
We reached out to Apple for comment on this article and will update if we hear back.