The hits keep coming for iOS today, don’t they? A new report suggest in-app browsers for iOS can log you keystrokes, right down to your username and/or password. Via a video, which you can see below, Developer Craig Hockenberry shows just how vulnerable you are outside of Chrome or Safari.
An in-app browser is one that an app defaults to when you click a link. This is usually found in third-party Twitter or email clients, but isn’t limited to those types of apps. The vulnerability isn’t limited to the newest version of iOS, either; it affects both iOS 7 and iOS 8.
As you can see in the video, Hockenberry uses a pretty straightforward client browser. The username and password are displayed across the top of the screen, showing it’s picking up what is typed in real-time. According to Hockenberry, he’s accessing the mobile Twitter website which could open him up to more issues.
If you encounter a browser in an app, just go ahead and redirect to Safari or Chrome. Better safe than sorry.
Via: Mac Rumors