Critical HTTPS bug may open 25,000 iOS

At least 25,000 iOS apps available in Apple’s App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned.FURTHER READING1,500 IOS APPS HAVE HTTPS-CRIPPLING BUG. IS ONE OF THEM ON YOUR DEVICE?Apps downloaded two million times are vulnerable to trivial man-in-the-middle attacks.As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that’s trivial for hackers to monitor or modify, even when it’s protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).

Read on, source: Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks | Ars Technica

Leave a Reply

Your email address will not be published. Required fields are marked *