iPhone has phishing, spamming flaws

updated 05:55 pm EDT, Wed July 23, 2008

iPhone open to Phishing?

Security researcher Aviv Raff says the iPhone versions of Mail and Safari are vulnerable to URL spoofing, an exploit that could open the door to phishing attacks. Raff says hackers can e-mail a specially designed URL that links to a site that appears to be legitimate. A user might think it is a trusted site like PayPal -- but instead the bogus site steals passwords and other information when the user tries to log on. The maliciously crafted URL is (erroneously) recognized by Safari as a "trusted site."

Until Apple issues a security update, Raff says users should avoid clicking on links to trusted sites within e-mail and instead type in URLs manually. The researcher -- a frequent critic of mainstream OS and browser security -- is withholding details of the exploit until Apple delivers a fix, although information will be available to vendors of security software.

Raff also writes in a blog posting that the iPhone is "spammable," a "basic security design flaw which might already be exploited in the wild." MacNN Forum users have also noted the spam problem, which Raff says Apple has acknowledged.

by MacNN Staff





  1. WaltFrench

    Joined: Dec 1969


    Bad reporting or advice?

    The maliciously crafted URL is (erroneously) recognized by Safari as a "trusted site."

    Odd, the notion of a "trusted site" seems to be a Windows construct. Safari uses certificates and other sources to verify the authenticity of sites, but not this one.

    So while Safari may not warn you that an untrusted site is linking to a trusted site (the bane of my Windows browsing at work because Microsoft's ad server is "trusted," so auto-refresh pages pop up requests every minute or two asking whether it's OK to link), it also does not in any way suggest that a malicious site is "trusted."

    Bad reporting or bad security advice. Which is worse?

  1. jhawk95

    Joined: Dec 1969


    This just in.....

    We now interrupt this regularly scheduled program to alert you about this item that just came in..... People who click on a link sent to them by a complete stranger via their email (or even a friend for that matter) to connect them to their bank's website might lose all of their money in that account due to fraud / theft! OMG! Are people still that fracking stupid? NEVER click on ANY link to get to a site that you are going to put a password in and that is linked to anything about your financial issues. Even if your REAL bank or someone sends you an email stating your statement is now ready. Close the email and use the link you have bookmarked or manually type the address to get there. If you do this, you will NEVER have to worry about these so-called scams which only affect lazy netizens.

  1. testudo

    Joined: Dec 1969


    Re: bad reporting

    It all depends on what the actual 'exploit' is. The problem is that he is very unclear on how you think it is a trusted site. It may be just that the link looks like "" in the email, but when you click on it, it goes to "".

    However, it also sounds like it could be such that you click on a link, and it takes you to "", but the address bar itself says "". In such a case (which is an issue other browsers have had in the past), it looks for all intents and purposes to be the correct site, but it is not.

    In that instance, this is a severe problem.
