
Vulnerability in Mail in iOS 8.3


The vulnerability allows a phishing email to display a form that is indistinguishable in appearance from the iCloud login and password prompt.

Under the cut is a code example that exploits the vulnerability.

The bug allows the HTML content of an email to be replaced remotely with a pop-up window asking the user to enter a password. For the email client to download the phishing window, the email must contain a <meta http-equiv=refresh> tag.

JavaScript is disabled in the UIWebView element in which the email is displayed, but the pop-up can be built using only HTML and CSS.
Jan Soucek, who found and published information about the vulnerability, said that Apple was notified in January, but there are still no updates closing this error in version 8.1.2.

Sample code can be found on GitHub.

Source: https://habr.com/ru/post/260225/

