HTTPS vulnerability discovered in 1500 iOS apps

According to a recent report, 1,500 iOS apps are currently affected by an HTTPS vulnerability that enables attackers to snoop on sensitive private information. The bug was introduced with version 2.5.1 of AFNetworking, a popular networking library for iOS and Mac OS X apps. The vulnerability was discovered back in February and patched with version 2.5.2 in late March, but some apps are still using the old version of the library, leaving the door open to a potential attacker.

On April 1st, when researchers from SourceDNA initially scanned 1 million of the 1.4 million titles in the App Store for this specific bug, they found that 1,000 apps were vulnerable at the time, including some from developers such as Yahoo, Microsoft, Flixster, Citrix, and Uber. That number went up to about 1,500 apps on April 18th when the App Store was re-scanned, despite the fact that Yahoo, Microsoft, and Uber cleaned up their apps in the meantime.

If you're using one of the vulnerable apps, then an attacker would be able to gain access to all of the SSL traffic, including sensitive information such as your passwords or your bank account numbers. To find out if your apps are vulnerable, click the source link below. If it turns out that you do have vulnerable apps, it's probably best to uninstall or refrain from using them until the developers come up with a patch. 

source: SourceDNA via Ars Technica
