Tuesday, July 17, 2007
iPhone security warning
The iPhone has a feature that lets you dial a phone number that appears on a web page by simply tapping it.
Security firm SPI Labs warns iPhone users not to use the feature until Apple fixes a bug. They don't give details, but apparently if you're on a malicious web site, or a legit one that's been successfully attacked, bad guys could redirect your call to a 900 number.
Unfortunately their advisory doesn't make it clear exactly what you need to avoid doing. It sounds like they're saying not to tap on phone numbers.
That may be overcautious since they don't report any cases in the wild of bad guys using this bug to attack people.
|
Security firm SPI Labs warns iPhone users not to use the feature until Apple fixes a bug. They don't give details, but apparently if you're on a malicious web site, or a legit one that's been successfully attacked, bad guys could redirect your call to a 900 number.
Unfortunately their advisory doesn't make it clear exactly what you need to avoid doing. It sounds like they're saying not to tap on phone numbers.
That may be overcautious since they don't report any cases in the wild of bad guys using this bug to attack people.
# posted by Frederick @ 2:39 PM Email to a friend:
Haloscan: they provide trackback