iOS Apps from Developers Vulnerable to HTTPS Data Decryption

A bug in an older version of a widely used networking library for iOS and OS X, present in products from prominent developers, can be exploited to decrypt the secure traffic from an iOS app, allowing an attacker access to sensitive data like credentials and banking info.

Build 2.5.1 of open source AFNetworking is affected by a security vulnerability that disables SSL (secure sockets layer) certificate validation, permitting someone in a position to intercept the connection (man-in-the-middle attack) to read the encrypted information in plain text.

Almost 1,000 iOS apps are vulnerable

Source: http://news.softpedia.com/news/iOS-Apps-from-Developers-Vulnerable-to-HTTPS-Data-Decryption-478951.shtml

Not sure if you’re using one of these unsecure apps. Thanks to SourceDNA for providing a lookup web page to check if the app is vulnerable and then patched.

Here’s the link: http://searchlight.sourcedna.com/lookup. Simply type the name of your app to check.


Register your own Domain Name!
Profile photo of EM @QUE.COM

EM @QUE.COM

Founder, QUE.COM Game Studios. | Founder, Yehey.com a Shout for Joy! | MAJ.COM Management of Assets and Joint Venture | More at KING.NET Ideas to Life | Network of Innovation | Send your Tip to my Bitcoin/Ethereum or other crypto currency.

Leave a Reply