Apple iPhone Mail phishing vulnerability problem found
It seems the iPhone simply can’t have a day without some bad news hitting the net waves; it would be nice for some good news for a change. This time apparently some security expert is claiming using the iPhone mail and Safari browser may leave the owner vulnerable to phishing attacks.
The warning comes from Computerweekly.com where they say security researcher Aviv Raff revealed in his blog that by creating a specially crafted URL and dispatching it via email an attacker could convince the user a spoofed URL is from a trusted domain.
Raff said: “When the iPhone user then clicks on the URL, the Safari browser will be opened. The spoofed URL, shown in the address bar of the Safari browser, will still be viewed by the victim as if it is from a trusted domain.”
Thus the user will be prone to phishing attacks as they enter their private info such as passwords, because they will believe they are on a legit site and not a fake one.
Raff says: that iPhone Mail and Safari on firmware 1.1.4 and 2.0 are affected by this vulnerability, but earlier versions may also be affected, and in addition the iPhone’s Mail app is also spammable.
Apparently Apple has acknowledged the vulnerability in the Mail app and is investigating the issue with Safari.