Apple iPhone mail, Safari prone to spoofing Staff

A basic design flaw in the Apple iPhone makes it susceptible to a URL spoofing vulnerability, according to a security researcher who discovered the flaw.

Israeli vulnerability researcher Aviv Raff, is warning

Requires Free Membership to View

that the iPhone's mail and Safari browser applications could be exploited by an attacker using a common phishing method. The flaw was found in versions 1.1.4 and 2.0 of the iPhone firmware.

An attacker can pass a spoofed URL in a spam message, making it appear as though it came from a trusted source, such as a bank or popular social network. If the victim clicks on the link, Safari will open and display the URL as if it was from the trusted site, Raff said.

Technical details are being withheld until Apple releases a patch. Raff said Apple is aware of the problem and is working on a fix. Users should avoid clicking on links in email messages from the mail application, even if they appear to come from a trusted website, Raff said.

"Instead, a user should enter the URL of the website manually in the Safari application," he said.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: