Home > Security News > Apple iPhone mail, Safari prone to spoofing
Security News:
EMAIL THIS

Apple iPhone mail, Safari prone to spoofing

By SearchSecurity.com Staff
23 Jul 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

A basic design flaw in the Apple iPhone makes it susceptible to a URL spoofing vulnerability, according to a security researcher who discovered the flaw.

Israeli vulnerability researcher Aviv Raff, is warning that the iPhone's mail and Safari browser applications could be exploited by an attacker using a common phishing method. The flaw was found in versions 1.1.4 and 2.0 of the iPhone firmware.

An attacker can pass a spoofed URL in a spam message, making it appear as though it came from a trusted source, such as a bank or popular social network. If the victim clicks on the link, Safari will open and display the URL as if it was from the trusted site, Raff said.

Technical details are being withheld until Apple releases a patch. Raff said Apple is aware of the problem and is working on a fix. Users should avoid clicking on links in email messages from the mail application, even if they appear to come from a trusted website, Raff said.

"Instead, a user should enter the URL of the website manually in the Safari application," he said.



Tags: Emerging Information Security ThreatsWeb Browser SecurityEmail and Messaging Threats (spam, phishing, instant messaging)VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Emerging Information Security Threats
RSA security conference 2010: news, interviews and updates
Hackers to sharpen malware, malicious software in 2010
Modern malware, stealthy botnets, adapt quickly, expert says
New ransomware Trojan pushes victims to buy software
Bruce Schneier on outsourcing, awareness training
US-CERT warns of BlackBerry snooping software
Marcus Ranum on cyberwarfare, infosec careers
Researchers find thousands of flawed embedded devices
Enterprise botnets contain thousands of malware variants
Nuke and pave to eradicate botnets

Web Browser Security
Exploit code targets Internet Explorer zero-day display flaw
InZero Systems launches hardware-based security gateway
Web security firm ranks Firefox, Safari browsers as flaw prone
Microsoft fixes security update that breaks Internet Explorer
Mozilla update repairs Firefox buffer overflow vulnerabilities
Kaspersky system analyzes malicious URLs on Twitter for malware
Silon malware intercepts Internet Explorer sessions, steals credentials
Do Facebook URL security concerns justify blocking social networks?
Phishing attacks to remain a major problem, say security experts
Adrian Perrig: Improve SSL/TLS Security Through Education and Technology
Web Browser Security Research

Email and Messaging Threats (spam, phishing, instant messaging)
New Zeus spam poses as Social Security statements
Messaging security risks have upper hand on solutions
Web-based attacks skyrocket, pirating sites surge, security firms say
Pushdo botnet uses Facebook to spread malicious email attachment
Scareware report highlights successful business model
How to prevent phishing attacks with social engineering tests
Phishing protection begins with training, antiphishing evangelist
Phishing attacks to remain a major problem, say security experts
Barracuda acquires Purewire expanding Web security reach
FBI raids phishing crime ring, nearly 100 arrested
Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
DNS rebinding attack  (SearchSecurity.com)
drive-by pharming  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
man in the browser  (SearchSecurity.com)
phlashing  (SearchSecurity.com)
polymorphic malware  (SearchSecurity.com)
pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts