iPhone Browser Vulnerable to Phishing Attacks

A URL Spoofing vulnerability in the iPhone's Mail and Safari browser applications can be exploited to conduct phishing attacks. According to security researcher Aviv Raff, a specially crafted malicious URL could appear in the device's Mail application as if it were pointing to a trusted domain. If a user clicked on this spoofed URL it would then be displayed intact in Safari's address bar, giving he or she the impression that they were visiting a safe and secure Web page when in fact they may be a step away from becoming a phishing victim.

Raff has confirmed that iPhones running firmware version 1.1.4 as well as the new 2.0 release are affected. Earlier versions may also be at risk but that is unconfirmed thus far. Technical details of the vulnerability are being withheld by Raff until Apple, who has acknowledged the issue, has delivered a fix. In the meantime, it is recommended that you avoid clicking on any links within the device's Mail application. If you need to visit a specific URL, enter it manually in Safari's address bar.