Apple

iOS Apps from Developers Vulnerable to HTTPS Data Decryption


A bug in an older version of a widely used networking library for iOS and OS X, present in products from prominent developers, can be exploited to decrypt the secure traffic from an iOS app, allowing an attacker access to sensitive data like credentials and banking info.

Build 2.5.1 of open source AFNetworking is affected by a security vulnerability that disables SSL (secure sockets layer) certificate validation, permitting someone in a position to intercept the connection (man-in-the-middle attack) to read the encrypted information in plain text.

Almost 1,000 iOS apps are vulnerable

Source: http://news.softpedia.com/news/iOS-Apps-from-Developers-Vulnerable-to-HTTPS-Data-Decryption-478951.shtml

Not sure if you’re using one of these unsecure apps. Thanks to SourceDNA for providing a lookup web page to check if the app is vulnerable and then patched.

Here’s the link: http://searchlight.sourcedna.com/lookup. Simply type the name of your app to check.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s