1,500 iOS Apps Are Vulnerable To HTTPS-Breaking Bug
While Apple is taking great steps to ensure no loopholes or bugs are found in the latest version of iOS, the Cupertino company still has a lot on its plate. According to the analytics service SourceDNA, nearly 1,500 iOS apps for iPhone and iPad in the App Store contain a bug that breaks HTTPS.
This means that users’ sensitive personal information is readily exposed to hackers. The analysts have identified the source of the vulnerability as an out-of-date version of the open-source code library AFNetworking. While the library was patched in the updated versions, numerous apps still use the older version.
“We tested the app on a real device and, unexpectedly, we found that all the SSL traffic could be regularly intercepted through a proxy like Burp without any intervention,” researchers Simone Bovi and Mauro Gentile wrote in March.
However, this vulnerability does not affect security system-wide. It only poses a threat while an affected app is active. For example, if you are running the iPhone Alibaba.com app (which is vulnerable), only the data you send through that app is exposed.
SourceDNA analyzed the binary code of every free app, as well as 5,000 paid ones, to assemble its list. It turns out that some of the big guns, like Yahoo!, Microsoft, Uber and Citrix, are also under threat. SourceDNA has also released a search tool that can help users check whether their favorite apps are affected.