The iPhone’s Mail and Safari browser applications could leave owners exposed to a URL spoofing vulnerability, which may allow attackers to conduct phishing attacks against the phone’s users.
By creating a specially crafted URL and sending it in an e-mail, an attacker can convince the user that the spoofed URL, as shown in the Mail application, is from a trusted domain, such as a bank, PayPal or a social network.
When the iPhone user clicks on the URL, the Safari browser opens the spoofed URL, but the victim still sees it as if it were from a trusted domain.
The iPhone user will then be open to phishing attacks as they will enter private information, such as passwords, because they believe they are on the real site and not a fake.
In addition, security researcher Aviv Raff says, a security design flaw means the iPhone’s Mail application is also spammable.
iPhone Mail and Safari on firmware 1.1.4 and 2.0 are affected by this vulnerability. Earlier versions may also be affected, said Aviv Raff.