Aviv Raff is a (very) smart guy, and when he informed Apple back in July of two serious security flaws that affected the iPhone, he did the right thing, expecting the Cupertino company to act swiftly to close the vulnerabilities.
Sad to say, nearly three months afterwards, Apple has yet to act on the data that Raff provided to them. He wrote on his blog that he has "disclosed the technical details to Apple few weeks before that post, in a hope to get those security issues fixed as soon as possible. Unfortunately, two and a half months later, and still there is no patch for those vulnerabilities."
He added that he asked Apple several times for a schedule, but "they have refused to provide the fix date". He continued: "Three versions (v2.0.1, v2.02, v2.1) have been released since I provided them with the details, and they are still "working on it". Therefore, I've decided to publicly disclose the technical details. Both issues are pretty trivial, and can be easily fixed by Apple."
What does that mean? The two vulnerabilities can lead to more phishing and spamming, and now that Aviv has decided to go public with them, iPhone owners can expect to become the targets of "social engineering" experts.
The phishing vulnerability is potentially the more damaging one, since it would allow phishing links to be crafted quite easily by using long subdomains (more than 24 characters).
The second one has to do with the fact that Apple's mail application automatically downloads images, a "feature" that cannot be disabled. Obviously, spammers would certainly like this as it confirms that an email inbox is active.
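As an added example (not from Raff's post or from Apple), here is a mail-gateway style check for the two conditions described above: links whose subdomain part exceeds 24 characters, and images that would be fetched from a remote server when the message is opened. The naive last-two-labels domain split, the function names and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SUBDOMAIN_LIMIT = 24  # threshold taken from the article's description


class _LinkImageCollector(HTMLParser):
    """Collects href targets of <a> and src targets of <img>."""

    def __init__(self):
        super().__init__()
        self.links, self.images = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])


def subdomain_part(url):
    """Host labels left of the last two (assumption: no public-suffix list)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[:-2])


def audit_html_mail(html):
    """Return links with over-long subdomains and images loaded remotely."""
    collector = _LinkImageCollector()
    collector.feed(html)
    long_links = [u for u in collector.links
                  if len(subdomain_part(u)) > SUBDOMAIN_LIMIT]
    # A network location means the client must contact a server to render
    # the image; cid: and data: images are carried inside the message.
    remote_images = [u for u in collector.images if urlsplit(u).netloc]
    return {"long_subdomain_links": long_links, "remote_images": remote_images}


# Constructed sample message body (example.* names are placeholders).
SAMPLE = """
<p>Please <a href="http://login.secure.account.bank.example.com.verify.example.net/in">sign in</a>
or visit <a href="https://www.example.com/help">help</a>.</p>
<img src="https://img.example.net/open.gif?id=12345" width="1" height="1">
<img src="cid:logo@example.com">
"""

if __name__ == "__main__":
    for kind, urls in audit_html_mail(SAMPLE).items():
        print(kind, urls)
```

A gateway could use the first list to show the real registered domain next to such links, and the second to strip or proxy remote images before delivery.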