Lowest Prices anywhere on MacBook Pros and Mac Pros: Apple Price Guides updated Apr 18th (use exclusive coupons, tax-free options to save hundreds)
 


Tuesday, August 18, 2009, 06:20 am PT (09:20 am ET)

Apple aware of iPhone OS 3.0 e-mail security bug

The act of deleting an e-mail within iPhone OS 3.0 isn't enough to destroy its contents, and Apple is reportedly aware of the flaw and could be working on a fix.

Citing a source within Apple, Gizmodo stated that the fix will likely come in iPhone OS 3.1 for the iPhone and iPod touch. The problem, first discovered by Cult of Mac, happens when a user attempts to delete an e-mail. Even after emptying the Mail application's trash, the message — and all of its contents — are still accessible through the phone's Spotlight search feature.

To test the flaw, delete a message within the iPhone's Mail software. Remove it from the trash, and check your mail server to ensure it's erased. Then, search for the subject line of the message in Spotlight, where, in many cases, the entire message can still be read.

While some reports allege both IMAP and POP accounts are affected, a number of AppleInsider readers have commented that IMAP accounts are in fact not vulnerable to the Spotlight bug.

"As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw," John Herrman writes for Gizmodo.

The site's internal tipster doesn't give any certainty, though, only saying Apple will "probably" include a fix in the upcoming iPhone OS update.

Matt Janssen created a video to demonstrate the security flaw. In it, he said that he has been able to find e-mails that are "over three or four months old." He shows off the bug on a second-generation iPod touch using software 3.0, and pulls up a message he deleted from June. When opening the mail through Spotlight, Mail crashes at first, but after opening a second time, the message can be opened in the mail inbox as message "1 of 0."

"These messages are still on the iPod somewhere, even after you delete them, but you can't find them without searching for them," Janssen said. "Like I said, this is a security issue, a bug, and hopefully Apple will fix it in some later releases."

Spotlight search is a new feature of the latest iPhone software, released in June. It offers global search capabilities, which enable users to quickly find apps, notes, e-mails, calendar events, contacts, music and other media files.