INSECURITY researcher Aviv Raff has warned that IPhone's Mail and Safari applications are prone to a URL spoofing vulnerability that could direct unsuspecting surfers to malicious phishing sites.

The security breach apparently affects IPhone Mail and Safari running on firmware 1.1.4 and 2.0. However, earlier versions may also be vulnerable.

To avoid being spoofed, Raff recommends that users manually input URLs into IPhone's Safari browser and avoid clicking on Mail links until Apple releases a fix.

Apple has acknowledged the gaping hole in its IPhone Mail application and launched an investigation into Safari's alleged vulnerability to forged URLs. µ