Prepare to change your iOS password. A security researcher claims to have developed a way to send iCloud users fake phishing emails that, by exploiting a security bug in Apple's system, could make millions of customer passwords vulnerable.
Jan Soucek, a white hat hacker (meaning he uses his powers for good, not evil), built an iOS 8.3 Mail.app popup that looks just like the kind of messages Apple users normally see when they're asked to enter their password. Instead of giving an iCloud user access to their account, though, it enables hackers to take control of a target's computer. Apple has not verified that the security bug exists and Soucek did not hear back when he tried reporting the issue, according to the Register, a British tech publication.
Again, Apple has yet to confirm the hack is authentic and no iCloud users appear to have been affected by the security bug. But the issue again underscores how easily phishing attacks, in which hackers ask users to input their information into what appears to be a trusted page, can wreak havoc on someone's digital life. It's also another headache for the iCloud, which was exploited in the hack that led to hundreds of celebrity nude photos being posted online without their knowledge or permission.