1,500 iOS apps are vulnerable to an HTTPS-crippling bug

According to analytics service SourceDNA, nearly 1,500 iPhone and iPad apps currently available in the App Store include a bug that breaks HTTPS. This could leave users' sensitive personal information exposed to hackers. Analysts have identified an out-of-date version of the open-source code library AFNetworking as the source of the vulnerability. The library itself has already been patched; however, many apps are still using the older, insecure version. "We tested the app on a real device and, unexpectedly, we found that all the SSL traffic could be regularly intercepted through a proxy like Burp without any intervention," researchers Simone Bovi and Mauro Gentile wrote in March.

It should be noted, however, that this vulnerability does not break security system-wide. Instead, it poses a risk only while a vulnerable app is active. That is, if you have the Alibaba.com app running (which is vulnerable), only the data that you send through that app will be at risk; the information you send using, say, the eBay app or via the Amazon website will still be secure. SourceDNA analyzed the binary code of every free app, as well as the top 5,000 paid ones, to assemble its list. The company has also released a search tool to help users see if their favorite apps are affected. Hopefully all this added attention will prompt developers to patch their programs, though as of yesterday, about 1,500 apps remain at risk.
