Latest iOS Mail Bug Makes Stealing Your iCloud Password Easy As (Apple) Pie
The method published by Souček illustrates how an email can be sent to the hapless victim that uses HTML code that mimics the iCloud login pop-up window upon receipt. Then, after said victim has inadvertently tapped their iCloud password into the window's Password field and clicked OK, an email is sent back to the sender with that critical information.
Specifically, the app vulnerability lies at the feet of a bug in the Mail app that prevents the HTML tag in e-mail messages from being ignored. This allows remote HTML content to be loaded into an email, and thus replace the actual email message content. The bad guys can then employ a password collector using HTML and CSS (Souček built one himself), and voila...iCloud breach accomplished.
With a user's iCloud credentials in hand an avid troublemaker can access and download any and all data stored in the cracked account to a computer or another mobile device, without limitation.
Apple has, of course, been under significant fire over the breach of a large number of celebrity iCloud accounts last year, a security compromise that resulted in the public release of some very private (and quite NSFW) communications and photos between various members of the beautiful set and those with whom they would share their racier thoughts and selfies. Since that time the company has tightened up their iCloud defenses, by offering two-factor authentication and by sending notifications to users whenever a their account is accessed by an unknown device or their password is changed.