By Alastair Stevenson. 20 August 2012. v3.co.uk
A serious security vulnerability has been uncovered in Apple's iOS mobile platform, letting cyber criminals send messages masquerading as the user's bank.
The new iOS vulnerability was discovered by underground security researcher 'pod2g' on 17 August.
The flaw reportedly stems from how Apple handles its SMS gateway.
The company's system reportedly makes it possible for individuals to specify a reply-to number that is not their own when sending a message.
This means that, when users reply to a message, their text will not be sent to the number listed as the sender of the original message, but to the reply-to number instead.
"If this flaw is confirmed, it would make it easier for cyber criminals to engage in phishing attacks via SMS," Kaspersky researcher David Emm told V3.
"They could send SMS messages, asking for confidential data, making it look like it came from a legitimate source. In general you should never send any confidential data through SMS or other messaging services as the origin is hard to verify."
At the time of publishing, Apple had not responded to V3's request for comment on the vulnerability, though Engadget has reported receiving confirmation that the company is aware of the problem.
"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks," an Apple spokesperson told Engadget.
"One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."