In an anticipated alert, Aviv Raff said on Wednesday that the iPhone's Mail and Safari applications were prone to URL spoofing and could allow others to engage in phishing attacks against iPhone users. Prior to the release of the iPhone on July 11, Raff was one of a few security researchers who indicated they had found vulnerabilities but were waiting to see the final iPhone 2.0 release. By crafting a specially designed URL, Raff says an attacker could create an e-mail link that appears in Mail to be from a trusted site (a financial institution or social network). By clicking the link, Safari will open on the phishing site.The issue affects users of iPhone 1.1.4 and 2.0. Raff, who has informed Apple of the vulnerability, declined on his blog to offer more details until a patch is available. Until then, Raff suggests iPhone...
[read full story]
Your Web Site
