
1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device?

Written by Arstechnica
  • Arstechnica
  • 3 years ago

 


About 1,500 iPhone and iPad apps contain an HTTPS-crippling vulnerability that makes it easy for attackers to intercept encrypted passwords, bank-account numbers, and other highly sensitive information, according to research released Monday.

An estimated two million people have installed the vulnerable apps, which include Citrix OpenVoice Audio Conferencing, the Alibaba.com mobile app, Movies by Flixster with Rotten Tomatoes, KYBankAgent 3.0, and Revo Restaurant Point of Sale, according to analytics service SourceDNA. The weakness is the result of a bug in an older version of AFNetworking, an open-source code library that allows developers to drop networking capabilities into their apps. Although AFNetworking maintainers fixed the flaw three weeks ago with the release of version 2.5.2, at least 1,500 iOS apps remain vulnerable because they still use version 2.5.1. That version became available in January and introduced the HTTPS-crippling flaw.
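For developers who want to know whether their own build pins the affected release, the following check is an added example, not code from the article, SourceDNA, or the AFNetworking project. It assumes the app resolves dependencies with CocoaPods and reads the `PODS:` section of a `Podfile.lock`; the function names and the sample lockfile are constructed for illustration, and a copy of the library vendored outside CocoaPods would not be seen by it.

```python
import re

# From the article: 2.5.1 introduced the flaw, 2.5.2 fixed it.
VULNERABLE = {"2.5.1"}

# Resolved pods sit at two-space indent: "  - AFNetworking (2.5.1):".
# Their dependency constraints sit at four-space indent and are skipped.
POD_LINE = re.compile(r'^  - "?(?P<name>[^\s("]+) \((?P<version>[^)]+)\)"?:?\s*$')

# Constructed sample lockfile (checksum is a placeholder, not a real value).
SAMPLE_LOCK = """\
PODS:
  - AFNetworking (2.5.1):
    - AFNetworking/Security (= 2.5.1)
  - AFNetworking/Security (2.5.1)
  - ExamplePod (2.5.1)

DEPENDENCIES:
  - AFNetworking (~> 2.5)

SPEC CHECKSUMS:
  AFNetworking: PLACEHOLDER_CHECKSUM
"""

def resolved_pods(lockfile_text):
    """Return {pod_name: version} for entries in the PODS section only."""
    pods, in_pods = {}, False
    for line in lockfile_text.splitlines():
        if line and not line.startswith(" "):
            # A non-indented line starts a new top-level section.
            in_pods = line.strip() == "PODS:"
            continue
        if in_pods:
            m = POD_LINE.match(line)
            if m:
                pods[m["name"]] = m["version"]
    return pods

def vulnerable_afnetworking(lockfile_text):
    """Return sorted (pod, version) pairs pinned to an affected release."""
    return sorted(
        (name, ver) for name, ver in resolved_pods(lockfile_text).items()
        if name.split("/")[0] == "AFNetworking" and ver in VULNERABLE
    )

if __name__ == "__main__":
    for name, ver in vulnerable_afnetworking(SAMPLE_LOCK):
        print(f"{name} {ver}: affected, update to 2.5.2 or later")
```
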
