Security researcher Aviv Raff claims that the iPhone and iPod touch versions of Mail and Safari are both vulnerable to a URL Spoofing vulnerability that could allow attackers to conduct phishing attacks to iPhone users. According to Raff, a hacker could create a specially crafted URL that, when sent via an email, he could convince came from a trusted domain like a bank, PayPal, a social network, etc. Then, when clicked and opened in Safari, the URL showed in Safari's URL bar would still appear to the victim that it is from the trusted domain.
