14 DAY TRIAL // The folks from SPI Labs informed the users about a critical vulnerability discovered in Apple's iPhone that might harm the owners and the data stored on the handheld device. According to the reports, there is a security flaw in Apple iPhone's Safari that can permit an attacker discover the phone calls and track the dialed numbers. In addition, a malicious user can manipulate the iPhone in order to place anonymous phone calls without owners' approval. SPI Labs said the attacks can be launched from a dangerous website.
"For example, an attacker could determine that a specific website visitor "Bob" has called an embarrassing number such as an escort service. An attacker can also trick or force Bob into dialing any other telephone number without his consent such a 900-number owned by the attacker or an international number. Finally, an attacker can lock Bob's phone forcing Bob to either make the call or hard-reset his phone resulting in possible data loss," SPI Labs wrote.
It seems like the folks from SPI Labs already informed the parent company Apple about the existence of the flaw and the engineers are currently working to fix it. Also, you're encouraged to avoid using the in-built Safari browser because an attacker could be able to discover the dialed telephone number.
Apple's iPhone was released on June 29 and was one of the most awaited products powered by the Cupertino company. Just after a few days after the launch date, the Internet users discovered some security holes in the handheld device that proved us we're not safe using the iPhone. However, today's vulnerability raises new security concerns as users' private information might be accessed by any dangerous attacker on the Internet.
"These types of attacks can be launched from a malicious website, from a legitimate website that has Cross-Site Scripting vulnerabilities, or as part of a payload of a web application worm," SPI Labs also mentioned in the advisory.