Aviv Raff, a security researcher, recently announced that he has discovered a bug in the Mail and Safari applications on the iPhone that opens the device to phishing attacks. According to him, the problem lies in how Mail treats URLs that it considers secure.
InformationWeek reported in an article that Mr. Raff said that “by creating a specially crafted URL, and sending it via an e-mail, an attacker can convince the user that the spoofed URL, showed in the mail application, is from a trusted domain. When clicking on the URL, the Safari browser will be opened. The spoofed URL, [shown] in the address bar of the Safari browser, will still be viewed by the victim as if it is of a trusted domain.”
The security bug appears to affect only people who have the 1.1.4 and 2.0 versions of the iPhone firmware installed. Mr. Raff said that he had been familiar with the problem before, but did not make his suspicions public until the new firmware version was released, in order not to affect Apple.
The company that manufactures the iPhone said that it is familiar with the problem and that it will try to solve it in a future firmware release. Until then, the only way to deal with the security threat seems to be to avoid clicking on any links that the Mail program considers safe. Instead, users are advised to enter the web address manually into the Safari browser.
© 2007 - 2008 - eFluxMedia