Apple’s Long-Running iOS Account Sign-In Dialogs Create Vulnerabilities (Oct 10, 2017)

A developer named Felix Krause has surfaced an issue that’s been present in Apple’s iOS for a long time and which I’ve often wondered about myself, which is that the operating system periodically pops up what appear to the user to be random dialog boxes asking users to supply their Apple ID passwords. Because of the seemingly random times and places these dialogs show up, they train users to enter their passwords when using apps, which means that apps could at least theoretically recreate these dialogs with their own and thereby phish users’ Apple ID details, creating a security vulnerability. The post Krause wrote about this suggests several fixes, the most of obvious of which is that these dialogs should direct users to the Settings app rather than prompting for a password directly. In my opinion, it would also be nice if the dialogs explained why the user suddenly had to re-enter their password – the lack of explanation is another long-standing niggle I have with these dialogs. But this feels like a rare goof by Apple, which is normally so strong on privacy and security but has here created a situation which could easily be exploited by malicious parties. It’s easily fixed, though, and hopefully Apple will do so soon.

via Felix Krause

The company, topic, and narrative tags below will take you to other posts with the same tags. The narrative link(s) will also take you to the narrative essay which provides additional context behind the post.

Vote for or share this post

Use the Like button below to vote for this post as one of the most important of the week. The posts voted most important are more likely to be included in the News Roundup podcast episode I do each week. Or use the sharing buttons to share a link to this post to social networks or other services.