Second HTTPS snooping flaw breaks security for thousands of iOS apps
<article>
<section class="page">
<p>
Attackers can potentially snoop on the encrypted traffic of over 25,000 iOS applications due to a vulnerability in a popular open-source networking library.</p><p>
The vulnerability stems from a failure to validate the domain names of digital certificates in AFNetworking, a library used by a large number of iOS and Mac OS X app developers to implement Web communications—including those over HTTPS (HTTP with SSL/TLS encryption).</p><p>
The flaw allows attackers in a position to intercept HTTPS traffic between a vulnerable application and a Web service to decrypt it by presenting the application with a digital certificate for a different domain name. Such man-in-the-middle attacks can be launched over insecure wireless networks, by hacking into routers or through other methods.</p></section></article>
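<p>The missing check described above, sketched as an added example (not code from the article or from AFNetworking): chain trust and domain-name matching are separate decisions, and skipping the second accepts any trusted certificate. The certificate dicts, host names and the <code>validate_domain_name</code> parameter are constructed for illustration.</p>

```python
# Added illustration. Certificate dicts follow the shape returned by Python's
# ssl.SSLSocket.getpeercert(); every name and value below is constructed.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # require at least two fixed labels after the wildcard ("*.com" is refused)
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers_host(cert: dict, hostname: str) -> bool:
    """True if any DNS subjectAltName entry in the certificate covers hostname."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(dns_name_matches(p, hostname) for p in sans)


def accept_server(cert: dict, chain_trusted: bool, hostname: str,
                  validate_domain_name: bool) -> bool:
    """Trust decision. validate_domain_name=False models the flaw described above
    (hypothetical parameter name, chosen for this example)."""
    if not chain_trusted:
        return False
    if not validate_domain_name:
        return True  # flawed path: any CA-trusted certificate is accepted
    return cert_covers_host(cert, hostname)


# Constructed samples: both certificates are assumed to chain to a trusted CA.
OTHER_DOMAIN_CERT = {"subjectAltName": (("DNS", "other.example.net"),)}
API_CERT = {"subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}
APP_HOST = "api.example.com"


def demo() -> dict:
    return {
        "flawed_accepts_wrong_domain": accept_server(OTHER_DOMAIN_CERT, True, APP_HOST, False),
        "fixed_accepts_wrong_domain": accept_server(OTHER_DOMAIN_CERT, True, APP_HOST, True),
        "fixed_accepts_right_domain": accept_server(API_CERT, True, APP_HOST, True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```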