HTTPS vulnerability exposes 1,500 iOS apps to security vulnerabilities


SourceDNA, an app analytics company, reported on Monday that about 1,500 iOS apps contain an "HTTPS-crippling" vulnerability that allows attackers to intercept users' encrypted data, such as passwords, bank account numbers and other highly sensitive information.

SourceDNA estimates that more than 2 million users have installed these potentially unsafe apps, such as Citrix OpenVoice Audio Conferencing, Alibaba.com's mobile app, KYBankAgent 3.0 and Revo Restaurant Point of Sale.

The vulnerability exists in early versions of AFNetworking. AFNetworking is an open source network development framework that allows developers to add network functions to their applications. Although the latest 2.5.2 version fixed the vulnerability three weeks ago, at least 1,500 iOS applications are still using the vulnerable 2.5.1 version.

To exploit this vulnerability, an attacker only needs to use the WiFi network of an Internet cafe or similar place to monitor the vulnerable iOS device, and then present a fake Secure Sockets Layer certificate. Under normal circumstances, the fake certificate would be detected immediately. However, due to a logic error in the 2.5.1 code, the certificate is not verified and is therefore treated as legitimate.

SourceDNA initially withheld the names of the affected apps to give developers time to update them, but now it has provided a search tool that allows iOS users to search by developer name.
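For developers, the corresponding check is on the project's own dependency lock file. The following is an added example, not code from SourceDNA or the AFNetworking project: it scans the `PODS:` section of a CocoaPods `Podfile.lock` and flags the AFNetworking 2.5.1 release the article names as vulnerable. The function names and the sample lock file are constructed for illustration.

```python
import re

# From the article: 2.5.1 is the vulnerable release, 2.5.2 carries the fix.
VULNERABLE = (2, 5, 1)
FIXED = (2, 5, 2)

# Resolved entries look like "  - AFNetworking/Security (2.5.1):".
# Constraint lines such as "(= 2.5.1)" or "(~> 2.5)" do not match,
# because the parenthesis must open directly on a digit.
POD_LINE = re.compile(r"^\s+-\s+(AFNetworking(?:/[\w+-]+)?)\s+\((\d+(?:\.\d+)*)\)")

# Constructed sample input, not taken from any real project.
SAMPLE_LOCK = """\
PODS:
  - AFNetworking (2.5.1):
    - AFNetworking/NSURLConnection (= 2.5.1)
    - AFNetworking/Security (= 2.5.1)
  - AFNetworking/NSURLConnection (2.5.1):
    - AFNetworking/Security
  - AFNetworking/Security (2.5.1)
  - SomeOtherPod (1.0.0)

DEPENDENCIES:
  - AFNetworking (~> 2.5)
"""


def classify(version_text):
    """Map a resolved version string to 'vulnerable', 'fixed' or 'review'."""
    parts = tuple(int(p) for p in version_text.split("."))
    version = (parts + (0, 0, 0))[:3]  # pad "2.5" to (2, 5, 0)
    if version == VULNERABLE:
        return "vulnerable"
    # The article does not list which older releases are affected.
    return "fixed" if version >= FIXED else "review"


def audit_podfile_lock(lock_text):
    """Return sorted (pod, version, status) for AFNetworking entries under PODS:."""
    findings, in_pods = set(), False
    for line in lock_text.splitlines():
        if line and not line[0].isspace():  # top-level key such as "PODS:"
            in_pods = line.strip() == "PODS:"
            continue
        match = POD_LINE.match(line) if in_pods else None
        if match:
            name, version = match.groups()
            findings.add((name, version, classify(version)))
    return sorted(findings)
```

Releases older than 2.5.1 are reported as `review` rather than judged either way, since the article only names 2.5.1 as vulnerable and 2.5.2 as fixed.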

Last month, Apple fixed the FREAK security vulnerability that affected iOS. The vulnerability was a remnant of a 1990s U.S. law that restricted the export of RSA encryption keys and is still supported by many browsers.
