Skip to main content
  1. Home
  2. Phones
  3. Apple
  4. Business
  5. Mobile
  6. News

Beware of iCloud login prompts: A new security flaw lets hackers steal your info

By
Add as a preferred source on Google

Apple’s mobile operating system iOS has a reputation for being more secure than Android, but recently, it seems that more hackers are targeting iPhone and iPad users. A GitHub user by the name of Jansouceket discovered yet another iOS vulnerability back in January and reported it to Apple. The friendly hacker demonstrated how an attack code can be used in the Mail app to steal users’ iCloud logins and other sensitive information.

Apparently, ever since Apple released iOS 8.3 in early April, the Mail app has stopped removing potentially dangerous HTML code from the emails users receive. One tag instructs the Mail app to download and execute code remotely. The command then brings up a form box, which mimics the appearance of an iCloud log in request box. If the user logs in, the hacker can then steal his or her iCloud account user name and password. With these two pieces of information, the hacker can steal other personal information stored in iCloud.

Proof-of-concept: iOS 8.3 Mail.app attack

“This bug allows remote HTML content to be loaded, replacing the content of the original email message,” Jansoucek wrote. “JavaScript is disabled in this UIWebView, but it is still possible to build a functional password ‘collector’ using simple HTML and CSS [cascading style sheets].”

Recommended Videos

To make matters worse, the vulnerability places a tracking cookie in the Mail app, so that the code doesn’t execute the same command every time the infected email is opened in the app. That way, the user doesn’t get suspicious of the message or notice the link between that specific email and the iCloud login prompt. Additionally, the hacker can change the code at any time to access different information.

Luckily, there is a trick iOS users can employ to protect themselves from the hack. Although the malicious code does a pretty good imitation of the iCloud login box, it isn’t perfect. First off, the box asks for both your Apple ID and your password, while iCloud typically asks for only your password and already displays your user name. Secondly, the box isn’t modal, so the background doesn’t fade and the screen isn’t static when the prompt comes up. Additionally, keyboard suggestions remain activated, which is something that never happens when you receive an iCloud prompt on iOS.

Of course, these differences are subtle, and many won’t notice them. Apple has yet to respond, but hopefully the patch will come soon. Until then, the next time you see an iCloud login request, check for these telltale signs to ensure that you’re not being hacked.

Malarie Gokey
Malarie Gokey
Former Mobile Editor
As DT's Mobile Editor, Malarie runs the Mobile and Wearables sections, which cover smartphones, tablets, smartwatches, and…
Topics
iOS 27’s Liquid Glass slider looks simple, but it’s more useful than I expected
Text, Document, Business Card

Let's be honest: few iOS design changes have sparked as much debate as Liquid Glass. When Apple first introduced it with iOS 26, the internet immediately split into two camps. Some people loved the fresh, translucent look, while others couldn't stand it and felt it made parts of the interface harder to read. I happened to be firmly in the first camp. At the time, I was using an iPhone 14 Pro Max, and installing the update was one of the first things I did. I loved how the new design made iOS feel more modern and dynamic. The transparency effects gave the interface a sense of depth, making the entire experience feel fresh again.

That said, it's easy to understand why not everyone felt the same way. After months of feedback, screenshots, hot takes, and endless debates online, Apple eventually responded by giving users more control. Instead of forcing everyone into the same look, it introduced options that let people choose between a clearer glass effect and a more tinted appearance. With iOS 27, Apple is putting the Liquid Glass debate completely in your hands. A new slider lets you customize the effect exactly the way you want it, whether you prefer a crystal-clear look or something easier on the eyes. Here's what it does and how to make the most of it on your iPhone.

Read more
Apple users are being targeted by a familiar tech support scam
Apple users face a new wave of fake iPhone and iCloud security warnings
iPhone user

AI has made online scams harder to spot by making deepfakes, voice cloning, and fake messages more realistic. Even so, the old tech support scam is still catching victims. For years, fraudsters often posed as Microsoft support workers. Now, reports suggest many are shifting their attention to Apple users.

Consumers are reporting a rise in fake “Apple High Alert” messages that claim an iPhone, iCloud account, or Apple ID has been compromised. These messages are designed to make people panic and react quickly before they can stop to check whether the warning is real.

Read more
iOS 27 puts a much better dictation experience on your iPhone, and you must enable it
A better dictation system is already on your iPhone. Apple just didn't switch it on.
Electronics, Phone, Mobile Phone

If you have an iPhone 17 Pro, iPhone 17 Pro Max, or iPhone Air running iOS 27 beta, you have a meaningfully better dictation system on your device right now. 

However, Apple did not turn it on by default, and most users have no idea it is there.

Read more