1,500 iOS Apps At Security Risk Due To HTTPS-crippling Bug

the iOS family pile (2012) Blake Patterson/Flickr CC BY-SA 2.0

An HTTPS-crippling bug has become a major issue, with about 1,500 apps for the iPhone and iPad affected. The bug makes it easy for hackers to get bank account numbers, encrypted passwords and other sensitive, user-specific information.


An iOS bug report says that the bug was in AFNetworking, an open-source code library used by more than 20,000 apps. The section that contains the bug, however, accounts for only 5 percent of that number.

Some of the apps affected by the HTTPS-crippling bug are popular ones. More than 2 million people use these apps.

The flaw is associated with version 2.5.1 introduced in January. Though an updated version is available, there are apps that still use the older version.
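A defender-side check for the version point above, as an added example that is not from the article, SourceDNA or the AFNetworking project: it reads a CocoaPods `Podfile.lock` and reports AFNetworking entries resolved to 2.5.1. The lockfile samples are constructed, and the assumption that the app pulls the library in through CocoaPods is this example's own.

```python
import re

FLAWED_POD = "AFNetworking"
FLAWED_VERSION = "2.5.1"  # the version the article associates with the flaw

# A resolved pod in the PODS section: two-space indent, name, "(version)".
# Deeper-indented lines are dependency constraints, not resolved versions.
RESOLVED = re.compile(r'^  - "?(?P<name>[^\s"(]+) \((?P<version>[^)]+)\)"?:?$')

def resolved_pods(lockfile_text):
    """Yield (pod, subspec or None, version) for each entry under PODS:."""
    section = None
    for line in lockfile_text.splitlines():
        if line and not line[0].isspace():  # a top-level key starts a new section
            section = line.rstrip().rstrip(":")
        elif section == "PODS":
            match = RESOLVED.match(line.rstrip())
            if match:
                pod, _, subspec = match.group("name").partition("/")
                yield pod, subspec or None, match.group("version")

def flawed_entries(lockfile_text):
    """Return the AFNetworking entries (pod or pod/subspec) resolved to 2.5.1."""
    return sorted(
        f"{pod}/{subspec}" if subspec else pod
        for pod, subspec, version in resolved_pods(lockfile_text)
        if pod == FLAWED_POD and version == FLAWED_VERSION
    )

# Constructed sample lockfiles (not from any real app); 9.9.9 is a made-up version.
SAMPLE_FLAWED = """\
PODS:
  - AFNetworking (2.5.1):
    - AFNetworking/Security (= 2.5.1)
  - AFNetworking/Security (2.5.1)

DEPENDENCIES:
  - AFNetworking (~> 2.5)
"""

SAMPLE_OTHER = """\
PODS:
  - AFNetworking (9.9.9)
  - ExamplePod (2.5.1)

DEPENDENCIES:
  - AFNetworking (= 2.5.1)
"""
```

The second sample shows why only the `PODS` section is read: a constraint line or an unrelated pod carrying the same version number must not be reported.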


The bug makes it easy for attackers to monitor the connections of devices. A fraudulent security certificate is all that is needed to trigger the bug. Normally, such attacks are detected automatically, but because of a logic error in the app, no validation is done.

On Monday, cybersecurity firm SourceDNA reported that the affected apps will not be able to use HTTPS properly.

The cybersecurity firm has asked users not to worry, as it has introduced a tool for checking for the vulnerability. According to its latest detection results, Uber and Yahoo Finance contain the bad code. The apps listed in the iOS bug report are currently working on the fix.