Support Our Site

Get Better Gear!

Theodolite App for iOS is Breathtaking from Hunter Research and Technology, US$3.99 (Pro and HD versions)
- 9 out of 10
Akron’s TAB802 Table Mount For iPad Is Sturdy from Akron, US$99.95
- 8 out of 10
Dinosaurs Roar to Life on the iPad with Stephen Fry from M58959 Studios, US$14.95
- 6 out of 10
Poldera’s iKeep Holds Your iPhone Close from Poldera LLC, US$19.99
- 7 out of 10
Mediadevil’s Easyscreen Screen iPad Protector Is Unusual from Mediadevil, £16.97 (US$22.09)
- 8 out of 10

Premier Sponsors

Top 5 Free Apps

Sheep Launcher Free!

Kronos Games

Release Date: August 05, 2009

Genre: Games

Boxed In

Dennis Mengelt

Release Date: May 22, 2009

Genre: Games

Ninjas Live

Storm8

Release Date: August 29, 2009

Genre: Games

Bump

Bump Technologies LLC

Release Date: March 27, 2009

Genre: Social Networking

Discovery Channel

Release Date: August 07, 2009

Genre: Entertainment

iTunes New Music Releases

Black Gives Way To Blue

Alice In Chains

Release Date: September 29, 2009

Genre: Rock

Backspacer

Pearl Jam

Release Date: September 20, 2009

Genre: Alternative

The Resistance

Muse

Release Date: September 15, 2009

Genre: Alternative

Awake (Deluxe Version)

Skillet

Release Date: August 25, 2009

Genre: Rock

Ellipse (Deluxe Version)

Imogen Heap

Release Date: August 25, 2009

Genre: Alternative

Top 5 Paid Apps

The Moron Test $0.99

DistinctDev

Release Date: April 22, 2009

Genre: Entertainment

StickWars $0.99

John E. Hartzog

Release Date: March 31, 2009

Genre: Games

Bloons $0.99

Digital Goldfish Ltd

Release Date: April 05, 2009

Genre: Games

Discover New Music

Machine Gun Etiquette
- 8 out of 10
- The Damned
- Punk rock is mostly associated with three chords and a bad attitude, but the Damned were one of the few bands of the era bent on bringing musicianship and a good sense of humor to the scene. And while
Chicago Transit Authority
- 10 out of 10
- Chicago
- For those of you who don't know, Chicago didn't always suck, and everyone in the band didn't always play a keyboard. When the band started off they were pioneers of rock and jazz fusion, and guita
8:30
- 10 out of 10
- Weather Report
- This is Weather Reports quintessential line-up captured live. Jaco Pastorious and Peter Erskine join Wayne Shorter and, of course, Joe Zawinul to create this masterpiece.
So Jealous
- 8 out of 10
- Tegan and Sara
- So Jealous is the third album from these sisters, and easily the one to single out for an introduction to their music. Some people may not get on board with their vocal styles, which are slightly
Spilt Milk
- 10 out of 10
- Jellyfish
- The second and final album from this power-pop group makes me wish Jellyfish had been able to make just one more record together. The album is best enjoyed as a whole piece, flowing from one track to

Reader Specials

Visit Deals On The Web for the best deals on all consumer electronics, iPods, and more!

News

Researcher Fed Up, Reveals iPhone Vulnerabilities

Thursday, October 2nd, 2008 at 4:00 PM - by John Martellaro

Back in July, Aviv Raff, told Apple about two iPhone issues that he considered to be vulnerabilities. Updates 2.0.1, 2.0.2. and 2.1 came and went with no fix, so Mr. Raff went public with the details.

All that Apple has said, according to Mr. Raff, a security researcher in Israel is that they’re still "working on it."

The first problem is related to the limited real estate on the iPhone screen. For some time now, desktop e-mail programs are designed to display, with a hovering tooltip, the actual URL of a link, no matter what the text says. Apple Mail does that on the Mac.

On the iPhone, there is no hovering tip, and in fact, the iPhone truncates the URL due to limited space. As a result, a longer, malicious URL could look like a legitimate one. The author showed an example of a deceptive link to Facebook.

The second problem is one that has also been fixed in desktop systems, namely the link-back of embedded images. "This one is not just a trivial bug, it’s actually a pretty dumb design flaw, which was already fixed by all other mail clients ages ago. Whenever you view an HTML mail message which contains images, a request is made to a remote server in order to get the image. Most of the mail clients today requires you to approve the download of the images. This is done for a good reason," Mr. Raff wrote.

"If the images were downloaded automatically, the spammer who controls the remote server will know that you have read the message, and will mark your mail account as active, in order to send you more spam. This ’feature’ is also known as ’Web Bug’.

"The iPhone’s Mail application downloads all images automatically, and there is NO WAY to disable this feature!" Mr. Raff noted with dismay.

Mr. Raff suggested that the Mail application on the iPhone not be used until these issues are fixed.

Apple has a history of fixing bugs on their own schedule, not the schedule of researchers who report them. That can lead to some frustration, but in the end, Apple makes the call on which vulnerabilities get the highest priorities. Sometimes, fixing a security flaw disrupts an entire feature set, and reworking the feature, without the flaw, takes time. In any case, knowledge is better than ignorance for users, and, as usual, iPhone users should be Internet savvy and at least as smart as their smartphone.

Recent Headlines

Post Your Comments

Commenting is not available in this section entry.

© The Mac Observer, Inc. -- All rights reserved. All information presented on this site is copyrighted by The Mac Observer, Inc. except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another frame. iPodObserver is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc.