Apple Releases iOS 11.0.3 With Audio and Haptic Feedback Fix [Download]

Apple Releases iOS 11.0.3 With Audio and Haptic Feedback Fix [Download]

Krause says users can protect themselves by hitting the home button on their iPhone if they suspect the login popup is fake.

In the latest version of Twitter for tvOS, the social media service has brought a new feature that allows you to pair your iOS device with your Apple TV as an easy way to tweet while watching specific shows and games.

So far this is just a proof-of-concept and no instances of the vulnerability have been discovered within iOS apps.

This will close the app if it is a phishing scam, but the pop-up will remain if it is a legitimate Apple ID request. As Krause says, "Just ask your users politely, they'll probably just hand over their credentials, as they're trained to do so". "This is a tricky problem to solve, and Web browsers are still tackling it; you still have websites that make popups look like macOS/iOS popups so that many users think [are] system message [s]". The developer who made the discovery recommends that you simply don't enter your details into a popup, but rather dismiss it, and open the Settings app manually.

For most users, it's impossible to differentiate between system dialogs and the phishing prompt. He points to the exclamation mark used in some Push notifications, below.

"iOS should very clearly distinguish between system UI and app UI elements, so that ideally it's ... obvious for the average smartphone user that something seems off", Krause added. That being said, it should be pointed out that this phishing method isn't exactly new and that Apple usually checks apps for this before being accepted to the App Store. Apple is generally on the ball with this type of thing, and would take action if such a violation of its guidelines were detected.