HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users<article>
<section class="page">
<p>Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections.</p><p>
The flaw was located in an open-source library called AFNetworking that’s used by hundreds of thousands of iOS and Mac OS X applications for communicating with Web services. The bug disabled the validation of digital certificates presented by servers when establishing secure HTTPS (HTTP over SSL/TLS) connections.</p><p>This means that attackers in a position to intercept encrypted traffic between affected applications and HTTPS servers could decrypt and modify the data by presenting the app with a fake certificate. This is known as a man-in-the-middle attack and can be launched over insecure wireless networks, by hacking into routers and through other methods.</p><p class="jumpTag"><a href="/article/2912752/https-snooping-flaw-in-thirdparty-library-affected-1000-ios-apps-with-millions-of-users.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>
Source:
HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users
