E-Mail security bug disclosed, and Apple working on a fix

The act of deleting an e-mail within iPhone OS 3.0 isn’t enough to destroy its contents, and Apple is reportedly aware of the flaw and could be working on a fix.

Citing a source within Apple, a Gizmodo article stated that the fix will likely come in iPhone OS 3.1 for the iPhone and iPod touch. The problem, first discovered by the Cult of Mac blog, happens when a user attempts to delete an e-mail. Even after emptying the Mail application’s trash, the message, and all of its contents, is still accessible through the phone’s Spotlight search feature.

To test the flaw, delete a message within the iPhone’s Mail software. Remove it from the trash, and check your mail server to ensure it’s erased. Then, search for the subject line of the message in Spotlight, where, in many cases, the entire message can still be read.

While some reports allege both IMAP and POP accounts are affected, a number of readers on blogs have commented that IMAP accounts are in fact not vulnerable to the Spotlight bug.

“As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn’t just strange, it’s a disastrous security flaw,” the Gizmodo article states.

The site’s internal tipster doesn’t give any certainty, though, only saying Apple will “probably” include a fix in the upcoming iPhone OS update.

Matt Janssen created a video to demonstrate the security flaw. In it, he said that he has been able to find e-mails that are “over three or four months old.” He shows off the bug on a second-generation iPod touch using software 3.0, and pulls up a message he deleted from June. When opening the mail through Spotlight, Mail crashes at first, but after opening a second time, the message can be opened in the mail inbox as message “1 of 0.”

“These messages are still on the iPod somewhere, even after you delete them, but you can’t find them without searching for them,” Janssen said. “Like I said, this is a security issue, a bug, and hopefully Apple will fix it in some later releases.”

2 Comments to “E-Mail security bug disclosed, and Apple working on a fix”

  1. on 21 Aug 2009 at 2:02 pm Xe

    I would say CoPilot is better and half the price of Tom Tom, and already had many more features!

  2. on 21 Aug 2009 at 2:03 pm Xe

    Damn ignore the above, wrong article.