The iPhone has a number of security flaws. According to Israeli researcher Raff, the technical details have been disclosed to Apple weeks before a post in his blog. His concern was that the security issues should get fixed as soon as possible. Now, even after two and a half months, there has been no patching of these issues. He had asked Apple for a schedule many times but was given no dates.

One flaw is the flaw in URL display. This allows an attacker to send a message with a malicious URL that looks real. Generally all you need to do is hover the link and you get a tooltip which will tell you the real URL you will click. In the iPhone, only after clicking the link for a few seconds would you get the tooltip. With the smaller iPhone screen, long URL’s are cut off.

This means an attacker can creat a long URL displaying a trusted domain but which is actually a malicious one. Even opening it in the Safari browser is of no help.

The other bug is that it is easy for spammers to identify valid email accounts. Spammers understand that their message is read and they will then send you more messages. The recommendation is not to use mail until the problem is patched.