
Second HTTPS snooping flaw breaks security for thousands of iOS apps

Discussion in 'Network World' started by RSS, Apr 27, 2015.

  1. RSS


    Attackers can potentially snoop on the encrypted traffic of over 25,000 iOS applications due to a vulnerability in a popular open-source networking library.

    The vulnerability stems from a failure to validate the domain names of digital certificates in AFNetworking, a library used by a large number of iOS and Mac OS X app developers to implement Web communications—including those over HTTPS (HTTP with SSL/TLS encryption).

    The flaw allows attackers in a position to intercept HTTPS traffic between a vulnerable application and a Web service to decrypt it by presenting the application with a digital certificate for a different domain name. Such man-in-the-middle attacks can be launched over insecure wireless networks, by hacking into routers or through other methods.

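The check whose absence the post describes, as an added example that is not part of the original post or of AFNetworking's code: a certificate that chains to a trusted root is accepted only if one of its DNS names also matches the host the app asked for. The function names, the `check_hostname` switch and the certificate names are constructed for illustration, and the matching rules are a simplified form of RFC 6125.

```python
def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against the requested hostname.

    Simplified RFC 6125 rules: case-insensitive comparison; a wildcard is
    honoured only as the whole left-most label and covers exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if any("*" in label for label in p[1:]):
        return False                      # wildcard outside the first label
    if p[0] == "*":
        if len(p) < 3:
            return False                  # refuse names such as "*.com"
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False                      # partial wildcard such as "a*.example.com"
    return p == h


def connection_trusted(chain_valid: bool, cert_dns_names: list[str],
                       requested_host: str, check_hostname: bool = True) -> bool:
    """Decide whether to trust a server certificate for requested_host.

    chain_valid stands in for the result of normal chain validation.
    check_hostname=False models the flawed behaviour described in the post:
    any certificate with a valid chain is accepted, whatever domain it names.
    """
    if not chain_valid:
        return False
    if not check_hostname:
        return True
    return any(dns_name_matches(name, requested_host) for name in cert_dns_names)


if __name__ == "__main__":
    # Constructed case: the app requested api.example.com, but the peer
    # presented a correctly chained certificate issued for another domain.
    presented = ["shop.example.net", "*.shop.example.net"]
    for enabled in (False, True):
        verdict = connection_trusted(True, presented, "api.example.com", enabled)
        print(f"check_hostname={enabled}: trusted={verdict}")
```

In production code the platform TLS stack's own hostname verification should be left enabled rather than reimplemented.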
     
