jansoucek found a bug in the Apple IOS 8.3 Mail.app, resulting in „meta http-equiv=refresh HTML tag in email messages not being ignored. This bug allows remote HTML content to be loaded, replacing the content of the original email message. With simple HTML and CSS its possible to build a functional password „collector“.
This bug was published to Apple on 15.01.2015 but the fix is not delivered till now
Source and Proof of concept code is available on github.