1,500 iOS apps are vulnerable to an HTTPS-crippling bug


According to analytics service SourceDNA, nearly 1,500 iPhone and iPad apps currently available in the App Store include a bug that breaks HTTPS. This could leave users' sensitive personal information exposed to hackers. Analysts have identified an out-of-date version of the open-source code library AFNetworking as the source of the vulnerability. The library itself has already been patched; however, many apps are still using the older, insecure version. "We tested the app on a real device and, unexpectedly, we found that all the SSL traffic could be regularly intercepted through a proxy like Burp without any intervention," researchers Simone Bovi and Mauro Gentile wrote in March.

It should be noted, however, that this vulnerability does not break security system-wide. Instead, it poses an issue when a vulnerable app is active. That is, if you have the Alibaba.com app running (which is vulnerable), only the data that you send through that app will be at risk; the information you send using, say, the eBay app or via the Amazon website will still be secure. SourceDNA analyzed the binary code of every free app, as well as the top 5,000 paid ones, to assemble its list. The company has also released a search tool to help users see if their favorite apps are affected. Hopefully all this added attention will prompt developers to patch their programs, though as of yesterday, about 1,500 apps remain at risk.
