Security hole leaves iPhone users vulnerable

 

Gallery

By Matthew Sparkes

Posted on 24 Jul 2008 at 11:45

A security vulnerability could leave iPhone users open to malicious phishing attacks by allowing spammers to spoof URLs sent within emails.

The flaw affects the iPhone Mail application and Safari browser running on versions of 1.1.4 and 2.0 of the iPhone software, claims security researcher Aviv Raff.

The flaw enables spammers to create a link which appears to point at a reputable site, but which in fact can lead to any third party site.

"By creating a specially crafted URL, and sending it via an email, an attacker can convince the user that the spoofed URL, showed in the mail application, is from a trusted domain," explains Raff on his personal blog.

Apple has acknowledged the flaw in the Mail application he claims, but is still investigating the issue with Safari.

"Until a fix is available, I suggest to avoid clicking on links in the Mail application which refers to trusted web sites. Instead, a user should enter the URL of the website manually in the Safari application," warns Raff, claiming that technical details of the vulnerability will be withheld until a patch is released to the public.