Details of iPhone Phishing Vulnerability Disclosed

Two and a half months ago About Web Browsers reported on an iPhone phishing vulnerability involving the device's Safari Web browser and Mail application. Discovered by noted security researcher Aviv Raff, the flaw lies in the way links and URLs are displayed in the aforementioned Mail and Safari apps. If exploited correctly, this vulnerability has the potential to lure unsuspecting iPhone users to malicious websites by giving them the impression that they are visiting a safe location. At that point any personal information entered into the browser could potentially fall into the wrong hands.

When Raff first revealed the existence of this vulnerability back in July he refused to disclose technical details to the public, opting instead to work privately with Apple in an effort to deliver a fix. The temperature has since dropped a bit here on the East Coast and the leaves are starting to fall. However, this issue still exists. Raff, apparently frustrated by Apple's lack of urgency, has decided to go public with details of the flaw. Hopefully this will light a fire under Apple to release a fix for iPhone users. In the meantime be wary of clicking on any links associated with long, and therefore truncated, URLs.