Full title: iOS 8.1.2 Mail.app Injection - Load remote content without user interaction 
Category: remote exploits
Platform: iOS
This exploit allows an attacker to load remote website inside iOS's native Mail.app without any user interaction other than opening the HTML e-mail message containing the payload.


Example:
After opening the malicious message: http://i.imgur.com/GPMqdOv.jpg (iPhone) http://i.imgur.com/zJ7W24N.jpg (iPad)
The e-mail body is instantly (the delay is configurable) replaced by the attacker's website: http://i.imgur.com/LJSyV4F.jpg (iPhone) http://i.imgur.com/SlhkTzR.jpg (iPad)

# 0day.today @ http://0day.today/