Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » iOS apps from developers vulnerable to HTTPS data decryption

iOS apps from developers vulnerable to HTTPS data decryption

2015/04/21

Softpedia - (International) Research from SourceDNA revealed that almost 1,000 iOS apps are vulnerable to a security flaw in build 2.5.1 of open source AFNetworking that disables secure sockets layer (SSL) certificate validation, which could allow attackers to carry out man-in-the-middle (MitM) attacks and read encrypted information in plain text. The flaw was patched in late March, but many developers have not yet integrated the updated code.

Source: http://news.softpedia.com/news/iOS-Apps-from-Developers-Vulnerable-to-HTTPS-Data-Decryption-478951.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:09