HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users

Discussion in 'Network World' started by RSS, Apr 21, 2015.

  1. RSS

    Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections.

    The flaw was located in an open-source library called AFNetworking that’s used by hundreds of thousands of iOS and Mac OS X applications for communicating with Web services. The bug disabled the validation of digital certificates presented by servers when establishing secure HTTPS (HTTP over SSL/TLS) connections.

    This means that attackers in a position to intercept encrypted traffic between affected applications and HTTPS servers could decrypt and modify the data by presenting the app with a fake certificate. This is known as a man-in-the-middle attack and can be launched over insecure wireless networks, by hacking into routers and through other methods.
