1,500 iOS Apps At Security Risk Due To HTTPS-crippling Bug
An HTTPS-crippling bug has become a major issue, with about 1,500 apps for the iPhone and iPad affected. The bug makes it easy for hackers to obtain bank account numbers, encrypted passwords and other sensitive, user-specific information.
An iOS bug report says that the bug was in AFNetworking, an open-source code library used by more than 20,000 apps. The apps containing the buggy section, however, amount to only 5 percent of that number.
Some of the apps affected by the HTTPS-crippling bug are popular ones. More than 2 million people use these apps.
The flaw is associated with version 2.5.1, introduced in January. Though an updated version is available, some apps still use the older version.
The bug makes it easy for attackers to monitor the connections of devices. A fraudulent security certificate is all that is needed to trigger the bug. Normally such attacks are detected automatically, but because of a logic error in the affected code, no validation is done.
On Monday, cybersecurity firm SourceDNA reported that the affected apps will not be able to use HTTPS properly.
The cybersecurity firm has asked users not to be worried, as it has introduced a tool for checking for the vulnerability. According to its latest detection results, Uber and Yahoo Finance contain the bad code. The apps listed in the iOS bug report are currently working on the fix.
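
A build-side check for the version named above, as an added example that is not from the article or from SourceDNA's tool: it reads a CocoaPods `Podfile.lock` and reports every AFNetworking pod or subspec resolved to 2.5.1. It assumes the app pulls AFNetworking in through CocoaPods (a vendored copy of the source would not be seen), and the lockfile text and the pod name `ExamplePod` are constructed sample data.

```python
import re

# The release this article names as carrying the certificate-validation flaw.
AFFECTED_VERSIONS = {"2.5.1"}

# Resolved entries in the PODS section look like "  - AFNetworking (2.5.1):"
# or "  - AFNetworking/Security (2.5.1)". Names may be double-quoted.
POD_ENTRY = re.compile(r'^  - "?(AFNetworking(?:/[\w+-]+)?) \(([^)]+)\)"?:?\s*$')

# Constructed sample lockfile (not taken from any real app).
SAMPLE_LOCK = """\
PODS:
  - AFNetworking (2.5.1):
    - AFNetworking/Security (= 2.5.1)
    - AFNetworking/Serialization (= 2.5.1)
  - AFNetworking/Security (2.5.1)
  - AFNetworking/Serialization (2.5.1)
  - ExamplePod (1.0.0):
    - AFNetworking (~> 2.5)

DEPENDENCIES:
  - AFNetworking (~> 2.5)
  - ExamplePod
"""

def find_afnetworking(lockfile_text):
    """Return {pod_name: resolved_version} for AFNetworking and its subspecs."""
    found, in_pods = {}, False
    for line in lockfile_text.splitlines():
        if line and not line.startswith(" "):
            # Top-level key (PODS, DEPENDENCIES, ...): only PODS holds
            # resolved versions; the others hold version constraints.
            in_pods = line.strip() == "PODS:"
        elif in_pods:
            # Nested (4-space) lines are constraints and do not match.
            m = POD_ENTRY.match(line)
            if m:
                found[m.group(1)] = m.group(2)
    return found

def audit(lockfile_text):
    """Return sorted (pod, version) pairs resolved to an affected release."""
    pods = find_afnetworking(lockfile_text)
    return sorted((n, v) for n, v in pods.items() if v in AFFECTED_VERSIONS)

if __name__ == "__main__":
    for name, version in audit(SAMPLE_LOCK):
        print(f"AFFECTED: {name} resolved to {version}; update and rebuild")
```
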