HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => Apple News => Topic started by: HCK on April 21, 2015, 09:00:11 pm



Title: HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users
Post by: HCK on April 21, 2015, 09:00:11 pm

Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections.

The flaw (http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html) was located in an open-source library called AFNetworking that’s used by hundreds of thousands of iOS and Mac OS X applications for communicating with Web services. The bug disabled the validation of digital certificates presented by servers when establishing secure HTTPS (HTTP over SSL/TLS) connections.

This means that attackers in a position to intercept encrypted traffic between affected applications and HTTPS servers could decrypt and modify the data by presenting the app with a fake certificate. This is known as a man-in-the-middle attack and can be launched over insecure wireless networks, by hacking into routers and through other methods.

Source: HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users (http://www.macworld.com/article/2912752/https-snooping-flaw-in-thirdparty-library-affected-1000-ios-apps-with-millions-of-users.html#tk.rss_all)