Computerworld is reporting that security researcher Aviv Raff has discovered three bugs with the iPhone’s Mail and Safari applications. Raff has reported these to Apple, but apparently Cupertino doesn’t agree that all three bugs are security issues. This bug involves malicious users sending spoofed URLs that iPhone users may click and open in Safari, thinking they are valid URLs for banks, PayPal, etc. The other Mail issue makes accounts more vulnerable to spam, but Raff said nothing more, not wanting to spill the beans so the bug could be exploited more readily. This bug has already been patched in Mail for Mac OS X.
Raff recommends that users not click on any links they receive in e-mails on the iPhone, and said that if they want to avoid spam, they should stop using Mail on the iPhone. This latter comment surprises us – spam is related to an e-mail account, not an e-mail program, so we are curious as to how a bug in Mail could lead to receiving more spam. But we’ll keep an open mind and wait and see what becomes of this. In the meantime, you have been warned.
