iOS (originally iPhone OS) is a mobile operating system created and developed by Apple Inc. and distributed exclusively for Apple hardware. It is the operating system that presently powers many of the company’s mobile devices, including the iPhone, iPad, and iPod touch.
iOS 10.0.3 fixes bugs including an issue where some users could temporarily lose cellular connectivity.
For information on the security content of this update, please visit this website: https://support.apple.com/kb/HT201222
A growing number of Verizon subscribers are complaining about a serious issue that causes them to regularly lose LTE connectivity on their iPhone 7 and iPhone 7 Plus devices, suggesting a major bug that needs to be resolved by either Apple or Verizon. “Mac Rumors”
Complaints about call connection problems with Apple Inc.’s iPhone 7 models are spreading across social media in China just weeks after the devices were released. “Bloomberg”
Demonstration of a proof-of-concept attack on the iOS Mail app. Apple was notified about the technical details of this vulnerability on 2015-01-15.
The source of this iOS Mail app exploit was posted here: https://github.com/jansoucek/iOS-Mail.app-inject-kit
iOS 8.3 Mail.app inject kit
It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.
The exploit got a nice CVE-2015-3710 sticker and was fixed by Apple in iOS 8.4 and OS X 10.10.4. Kudos to Apple for prompt response once it was published publicly.
Edit the e-mail address you would like to use for password collection in framework.php
Upload index.php, framework.php and mydata.txt to your server
Send an e-mail containing HTML code from e-mail.html to the research subject
Don’t forget to change the modal-username GET parameter value to the e-mail address of the recipient
You can use https://putsmail.com for testing purposes
Framework7: Vladimir Kharlampidi (http://www.idangero.us/framework7/) – Framework7’s CSS code was used for the login dialog styling
The code detects that the research subject has already visited the page in the past (using cookies) and it stops displaying the password prompt to reduce suspicion.
The e-mail address and password are submitted via GET to framework.php, which then saves them to the mydata.txt file, sends them out via e-mail to the specified “collector” e-mail address and then returns the research subject back to Mail.app using redirect to message://dummy.
The password field has autofocus enabled. We then use focus detection to hide the login dialog once the password field loses its focus (e.g. after the subject clicks on OK and submits the password).
Why even bother with this redirect nonsense when you can put <form> directly inside the HTML e-mail?
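A mail-gateway check for the traits described above, as an added example that is not part of the kit or of the original post: it scans a message's HTML parts for a password form and for remote URLs whose query string carries the recipient's own address, as the modal-username parameter does. The meta refresh check assumes that is how the redirect is performed, which the text does not state; `scan_message`, the finding labels and `collector.example` are made up for this example.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class MailHtmlScanner(HTMLParser):
    """Collects findings for one HTML part addressed to `recipient`."""
    def __init__(self, recipient):
        super().__init__()
        self.recipient, self.findings = recipient.lower(), set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # Assumption: the redirect is a meta refresh (the page only says "redirect")
            self.findings.add("meta-refresh")
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s>]+)", a.get("content", ""), re.I)
            if m:
                self._check_url(m.group(1))
        if tag == "form":
            self.findings.add("form-in-mail")
        if tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password-input")
        for key in ("href", "src", "action"):
            if key in a:
                self._check_url(a[key])

    def _check_url(self, url):
        # A URL personalised with the recipient's address lets the landing page pre-fill it
        for name, value in parse_qsl(urlsplit(url).query):
            if value.lower() == self.recipient:
                self.findings.add("recipient-in-query:" + name)

def scan_message(raw, recipient):
    """Return sorted findings across all text/html parts of a raw message."""
    findings = set()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            scanner = MailHtmlScanner(recipient)
            body = part.get_payload(decode=True)
            scanner.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
            findings |= scanner.findings
    return sorted(findings)

# Constructed sample message (not taken from the kit); collector.example is a placeholder
SAMPLE = (
    "To: alice@example.com\nMIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<html><head><meta http-equiv="refresh" content="0; '
    'url=https://collector.example/index.php?modal-username=alice@example.com">'
    "</head><body>hello</body></html>\n"
)
```

Any finding is a reason to quarantine or strip the part; a message with no HTML part, or with ordinary links only, yields an empty list.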