If you're one of the more than 63 million iPhone users, there may be a hidden security flaw in one of your more popular apps. SourceDNA, a cybersecurity firm, identified "a major flaw" hidden in a specific version of the AFNetworking software used in about 100,000 iOS apps out of the 1.4 million available that allows hackers to bypass the SSL security certificate.
Upon further research, SourceDNA identified 1,000 apps used by iPhones, iPods and iPads that are actually affected by the security flaw which allows what they called the "proverbial coffee shop attacker to easily bypass SSL and see all of your app's user credentials and banking data."
SourceDNA says that the day the flaw was identified and patched, they found about 20,000 of the 100,000 apps using AFNetworking were updated or had released apps after the flawed code was committed. However, they also found that the flaw was open for six weeks and exposed millions of users to possible attacks. Some of the major app developers affected were Yahoo!, Microsoft, Uber and Citrix.
Users can check the vulnerability of their apps on the SourceDNA monitoring site. In the meantime, users of any iOS systems should be careful about protecting their personal passwords, information and credit card details until the vulnerable apps are updated, and consider changing any security passwords.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.