iOS Apps from Developers Vulnerable to HTTPS Data Decryption
A bug in an older version of a widely used networking library for iOS and OS X, present in products from prominent developers, can be exploited to decrypt the secure traffic from an iOS app, allowing an attacker access to sensitive data like credentials and banking info.
Build 2.5.1 of open source AFNetworking is affected by a security vulnerability that disables SSL (secure sockets layer) certificate validation, permitting someone in a position to intercept the connection (man-in-the-middle attack) to read the encrypted information in plain text.
Almost 1,000 iOS apps are vulnerable
Not sure if you’re using one of these unsecure apps. Thanks to SourceDNA for providing a lookup web page to check if the app is vulnerable and then patched.
Here’s the link: http://searchlight.sourcedna.com/lookup. Simply type the name of your app to check.
