HTTPS snooping flaw in third-party library affected 1,000 iOS apps with millions of users

Lucian Constantin reports:

Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections.

The flaw was located in an open-source library called AFNetworking that’s used by hundreds of thousands of iOS and Mac OS X applications for communicating with Web services. The bug disabled the validation of digital certificates presented by servers when establishing secure HTTPS (HTTP over SSL/TLS) connections.

Read more on PC World.

About the author: Dissent

Comments are closed.