A new vulnerability has recently been called off by Felix Krause. Hackers seem to be implementing bogus "Sign In to iTunes Store" alerts in applications and games to trick users into giving off their passwords, the dialogs created by the hacker can easily be 1:1 with the original iOS one, so it is hard to tell whether you're dealing with a legit system message or somebody is just snatching your data.
According to Felix Krause, there are methods users can apply to check the authenticity of the iTunes Store Sign In dialogs. For starters, you should press the Home button. Normally, the system dialog would run in a separate process than the application or the game, so pressing the home button should not dismiss the dialog, nor should close the app while the dialog is on the screen. If it does, this means that the application has used a customized UIAlertView in their code to try to get your credentials.
Pay attention to the signs. Don't jump ahead and write your password just yet, check for anything that might seem a bit off, like misplaced text, different symbols, different phrasing, for example, in the example screenshots posted by Felix, the only difference was that the speech marks in the fake dialog were a bit different than the system ones. Always check for such signs. IF you have doubts about the app, or if you feel like you shouldn't be asked for your password as you're already logged in or you already downloaded something recently with no problem, don't type anything!
Check with a dummy.
Maybe the safest way available. If the application suddenly pops a log in dialog very similar to the one used by the iOS itself, write some random text and press the Sign In button. If the app segues to the next window or accepts your input with no complains, you can be sure it was not a real log in dialog from Apple, but a phishing form. System dialogs would error out if the Apple ID and the password do not match.
Stay safe and subscribe for more iOS and Jailbreak info 🙂
▽ Resources ▽
▶ Felix Krause's blog post
▶ iOS 10.3.3 GREAT JAILBREAK NEWS: NEW EXPLOIT PUBLISHED (WiFi)
▶ Siguza's thoughts on this
▶ Great News For JAILBREAK: Xerub Released a KPPless Extra Recipe Branch
▶ NEW Saigon Jailbreak
▶ iOS 10.3.3 / iOS 11 JAILBREAK UPDATE & STATUS (OCTOBER WEEK 1)
▶ Great News For JAILBREAK: Apple Open-Sourced The iOS Kernel