
Researcher identifies security flaws in Apple iPhone

Faults in email and Safari may pose potential threats

A researcher has discovered two flaws in Apple's iPhone that could pose a security threat.

According to Aviv Raff, the device's email application, which automatically downloads images, is problematic because each image refers back to a server-side script when it is downloaded, indicating to the sender that the email has been opened and the address is valid. The address can then be spammed.

Email applications usually are configured to block images from untrusted sources to prevent the problem, Raff said. He suggests that users avoid using the email application or be careful when clicking on links in an email that comes from an untrusted source.

The second flaw is how the iPhone's email application displays URLs. Messages can be shown in plain text or HTML. When in HTML mode, a user can get an email where the text of the link is different than the actual link. The true link can be displayed by hovering over the text, and a pop-up window reveals the URL. But the problem is the pop-up window truncates the URL since there isn't enough space on the screen.

An attacker could create a website with a long subdomain in order to fool a user into thinking it's a legitimate site, when it is in fact a phishing site - a website designed to trick a person into revealing personal information, Raff said.

After the bad link is served up in the Safari web browser, the user may still only see a fraction of the URL. If the address bar is clicked in mobile Safari, the cursor jumps to the end of the URL, so a person must scroll back to see the URL in its entirety, Raff wrote on his blog.

Neither Apple's mobile Safari nor the desktop version of the browser has a phishing filter.
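The two checks a mail client could apply to the issues described above, as an added example that is not from Raff or Apple: it lists remote images that would be fetched on open, flags links whose visible text names a different host than the real target, and truncates long hosts from the left so the rightmost labels stay visible. The sample message, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; .test and .example are reserved names.
SAMPLE = """<p>Dear customer,</p>
<img src="http://tracker.test/open.php?id=alice%40example.org" width="1" height="1">
<a href="http://www.bank.example.login.secure.session.update.evil.test/x">www.bank.example</a>
<a href="http://news.example/today">Read more</a>"""

def host_of(url):
    """Lower-cased host of a URL, or '' when it has none or cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def host_in_text(text):
    """Return the host when the visible link text itself looks like a URL or domain."""
    if not text or " " in text:
        return None
    host = host_of(text if "://" in text else "//" + text)
    return host if "." in host else None

def display_host(url, width=24):
    """Truncate from the left so the rightmost labels (the real domain) stay visible."""
    host = host_of(url)
    return host if len(host) <= width else "..." + host[-(width - 3):]

class MailAudit(HTMLParser):
    """Collects remote images and links whose text names a different host."""
    def __init__(self):
        super().__init__()
        self.remote_images, self.mismatched_links = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and (a.get("src") or "").lower().startswith(("http://", "https://")):
            self.remote_images.append(a["src"])  # would be fetched on open
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text, real = "".join(self._text).strip(), host_of(self._href)
            shown = host_in_text(text)
            if shown and shown != real:
                self.mismatched_links.append((text, real))
            self._href = None

def audit(html):
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    return parser.remote_images, parser.mismatched_links
```
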

Raff said he notified Apple more than two months ago about the design flaws. The company told Raff they were working on fixes but hadn't said when those fixes would be released.

Raff said he decided to go public with the information since Apple has since released at least three iPhone updates but hasn't addressed the issues.

"I think they put their own users at much more risk by not fixing this," Raff said in an interview. "At least now the users who read this will know to be careful. It's only a matter of time until the bad guys will find this anyway."

Apple couldn't immediately be reached for comment.
