Researchers warn Apple users are being trained to fall for simple phishing attacks from the platform's use of seemingly random prompts to sign into the iTunes store. Apple iOS often asks users to enter their passwords, often after system updates or for applications that get stuck during installation, bur researchers warn Apple's unfettered use of the prompts are conditioning users to foolhardily enter their passwords whenever prompted by the familiar box. Independent researcher Felix Krause created a proof-of-concept phishing prompt to demonstrate how easily an attacker could create an identical prompt that could be pushed onto an unsuspecting user's device. The researcher stated that Apple should look to combat future attacks by prompting users to reenter their passwords through the settings app instead of constantly asking users to reenter credentials, and use symbols to indicate if prompts are coming from apps and not from the operating system.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street