iPhone has phishing vulnerability

The iPhone's Mail and Safari browser applications are prone to a URL spoofing vulnerability, which may allow attackers to conduct phishing attacks against the phone's users.

Security researcher Aviv Raff has revealed the vulnerability on his blog. By creating a specially crafted URL and sending it by e-mail, an attacker can convince the user that the spoofed URL shown in the Mail application is from a trusted domain, such as a bank, PayPal or a social network.

When the user clicks on the URL, the Safari browser opens. The spoofed URL shown in Safari's address bar will still appear to the victim to be from a trusted domain.

iPhone Mail and Safari on firmware 1.1.4 and 2.0 are affected by this vulnerability. Earlier versions may also be affected, said Raff.

Raff is currently withholding the technical details of the vulnerability until a fix is delivered by Apple.

He said Apple has acknowledged the vulnerability in the Mail application, and is still investigating the issue in the Safari for iPhone browser.

2 comments

I feel that nothing connected to the internet is safe. If there is any data on the device worth something to someone there will be someone out there trying to steal it.
Everything online is vulnerable. And whatever we've been doing to keep us safe isn't working. I'm not sure why we can't conquer this and stop the data thieves. 