Critical vulnerability in SSL affects thousands of iOS apps
Ivan Leichtling, from Yelp, has discovered a vulnerability in the open source library AFNetworking, which provides network functionality to iOS and iOS X products. The vulnerability could allow to bypass SSL protection, due to a flawed verification of the domains included in the certificate shown by servers.
This library is highly used, and approximately 25,000 apps for iOS could be affected by the flaw.
This library is highly used, and approximately 25,000 apps for iOS could be affected by the flaw.
References:
- 25/04/2015 thehackernews.com Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers
- 27/04/2015 zdnet.com Thousands of iOS apps left open to snooping thanks to SSL bug
- 20/04/2015 arstechnica.com 1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device?