74
vote
The iPhone's Mail and Safari applications are prone to a URL Spoofing vulnerability, which may allow attackers to conduct phishing attacks against iPhone users.
By creating a specially crafted URL, and sending it via an email, an attacker can convince the user that the spoofed URL, showed in the mail application, is from a trusted domain (e.g. Bank, PayPal, Social Networks, etc.).
When clicking on the URL, the Safari browser will be opened. The spoofed URL, showed in the address bar of the Safari browser, will still be viewed by the victim as if it is of a trusted domain.
Affected versions
iPhone Mail and Safari on firmware 1.1.4 and 2.0 are affected by this vulnerability.
Earlier versions may also be affected.
Continue reading here....
Bookmark/Search this post with:
