Fifteen hundred apps for iOS contain HTTPS vulnerability that attackers can access sensitive user information. In particular, the gap can be used to steal user passwords, credit card numbers, and other data. This is reported by experts from SourceDNA.

Read more...

Fifteen hundred apps for iOS contain HTTPS vulnerability that attackers can access sensitive user information. In particular, the gap can be used to steal user passwords, credit card numbers, and other data. This is reported by experts from SourceDNA.

a Bug was found in version popular network library for iOS and Mac OS X AFNetwork 2.5.1 back in February, but in version 2.5.2 has been fixed with a patch. However, this advantage not all developers, many of them still use older versions of the library, holding doors open for hackers.

Interestingly, during the first scan of one of the 1.4 million apps from the App Store, which SourceDNA held April 1, it was found 1000 potentially dangerous applications of the discussed vulnerability. According to the results of a second scan taken on 18 April, these applications became 1500, although many companies, including Yahoo, Microsoft and Uber, the quickly updated their software products for iOS.

In Source DNA has developed a tool that enables users and developers to test the app on the existence of this gap. As promised the security specialists, database tool will be updated frequently.