Threat Center Security News iPhone Phishing Vulnerability
iPhone Phishing Vulnerability Print E-mail
Written by Rebecca Mints   
Saturday, 26 July 2008 05:24

The iPhone's Mail and Safari browser applications are prone to a URL spoofing vulnerability, that might allow phishing attacks.

 

Creating a crafted URL, and sending it via an e-mail, an attacker can convince the user that the spoofed URL so it looks like it is from a trusted domain like PayPal or any other sites.

 

When the URL is clicked, the Safari browser is opened. The spoofed URL, shown in the address bar of the Safari browser, will still be viewed by the victim as if it is from a trusted domain.

 

iPhone Mail and Safari on firmware 1.1.4 and 2.0 are affected by this vulnerability. Earlier versions may also be affected, said Raff. (http://aviv.raffon.net/)

 

WTW Threat Level