Apple iPhone mail, Safari prone to spoofing

A security researcher discovered some design flaws in Apple's iPhone that could leave the smartphone vulnerable to phishers and spammers.

A basic design flaw in the Apple iPhone makes it susceptible to a URL spoofing vulnerability, according to a security researcher who discovered the flaw.

Israeli vulnerability researcher Aviv Raff, is warning that the iPhone's mail and Safari browser applications could be exploited by an attacker using a common phishing method. The flaw was found in versions 1.1.4 and 2.0 of the iPhone firmware.

An attacker can pass a spoofed URL in a spam message, making it appear as though it came from a trusted source, such as a bank or popular social network. If the victim clicks on the link, Safari will open and display the URL as if it was from the trusted site, Raff said.

Technical details are being withheld until Apple releases a patch. Raff said Apple is aware of the problem and is working on a fix. Users should avoid clicking on links in email messages from the mail application, even if they appear to come from a trusted website, Raff said.

"Instead, a user should enter the URL of the website manually in the Safari application," he said.

Dig deeper on Emerging Information Security Threats



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: