Raff notes that the iPhone's Mail application is an easy target for spammers, because it downloads images automatically without asking for the user's consent. "The iPhone's Mail application downloads all images automatically, and there is NO WAY to disable this feature!" Raff warns.
As a result, when an image in a message points back to a server-side script, the user simply sees an opened e-mail from a valid e-mail address, while the download itself exposes his or her address to the risk of spamming. "If the images were downloaded automatically, the spammer who controls the remote server will know that you have read the message, and will mark your mail account as active, in order to send you more spam," says Raff.
As far as phishing vulnerabilities go, the iPhone has hit another home run, the researcher claims. As many of you should know, the iPhone's Mail application can be used to view both HTML and plain text mail messages. In an HTML e-mail, the text of a link can be set to a different URL than the actual link. By hovering over the link, users get a tooltip which shows them the actual URL that they are about to click. However, as Raff puts it, "in iPhone it's a bit different."
Besides the user having to click the link for a longer period of time, long URLs are automatically cut off in the middle because of the reduced size of the iPhone's screen. "The problem here is that an attacker can set a long subdomain (~24 characters) that, when cut off in the middle, will look as if it's a trusted domain," the researcher believes, offering the screenshot to the left as an example.
"I think they put their own users at much more risk by not fixing this," Raff adds. "At least now the users who read this will know to be careful. It's only a matter of time until the bad guys will find this anyway," the security expert concludes.
Since there's no workaround for these flaws for the time being, Raff advises users to avoid using the Mail app until Apple issues a fix.
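Both behaviours described above can be checked for on the receiving side before a message reaches a client that renders it. The following is an added example, not code from Raff or Apple: it lists the images a client would fetch from a remote server and flags links whose visible text names a different host than the `href`, or whose host would not fit in a truncated display. The `width` value and the head-and-tail truncation model are assumptions, and the sample message is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class MailAudit(HTMLParser):
    """Collects remote images and (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.remote_images, self.links = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and urlsplit(a.get("src") or "").scheme in ("http", "https"):
            self.remote_images.append(a["src"])  # fetched from a server on render
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Accepts "https://host/path" and the bare "host/path" form used in link text.
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def host_elided(url, width):
    # ASSUMPTION: the display keeps the head and tail of a long URL, drops the middle.
    netloc = urlsplit(url).netloc
    return len(url) > width and url.find(netloc) + len(netloc) > (width - 1) // 2

def audit(html, width=40):  # width is an assumed display limit, not a measured one
    p = MailAudit()
    p.feed(html)
    findings = []
    for href, text in p.links:
        looks_like_url = "." in text and " " not in text
        if looks_like_url and host(text) != host(href):
            findings.append(("text-mismatch", href))
        if host_elided(href, width):
            findings.append(("host-elided", href))
    return {"remote_images": p.remote_images, "findings": findings}

# Constructed sample message; every host uses a reserved example name.
BAD = "http://www.bank.example.account-verify.host.invalid/session/login?id=1"
SAMPLE = ('<p>Hello</p><img src="http://host.invalid/open.php?u=42"><img src="cid:logo">'
          f'<a href="{BAD}">www.bank.example</a> <a href="https://www.bank.example/help">Help</a>')
```

Calling `audit(SAMPLE)` reports one remote image and two findings for the first link; the embedded `cid:` image and the short, matching "Help" link are not flagged.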
Published by M. NURRIZQI PUTRO UTOMO




