


1,500 iOS Apps at Huge Risk Due to AFNetworking SSL Bug

Some 1,500 iOS apps are vulnerable to man-in-the-middle attacks, enabling attackers to intercept encrypted passwords, bank account details and other such sensitive information. This vulnerability cripples the security of HTTPS, meaning that any information sent over HTTPS from an iPhone or an iPad, including login data, could be intercepted.

AFNetworking code mistake enables MITM attacks on iOS apps:

According to the latest revelation by the analytics company SourceDNA, some two million people who have installed the vulnerable apps are at risk. These apps include some major names like the Alibaba.com mobile app, Movies by Flixster with Rotten Tomatoes, and Citrix OpenVoice Audio Conferencing.

The vulnerability comes from an older version of the AFNetworking open-source code library, which allows developers to drop networking capabilities into their apps or, simply put, handle the connection to the server.

The issue occurs even when the mobile application requests the library to apply checks for server validation in SSL certificates. We tested the app [AFNetworking 2.5.1] on a real device and, unexpectedly, we found that all the SSL traffic could be regularly intercepted through a proxy like Burp without any intervention!

This bug cripples HTTPS and lets MitM attackers decrypt HTTPS-encrypted information. A hacker intending to exploit the bug can initiate a man-in-the-middle attack using a fake WiFi hotspot to intercept information. While this shouldn't ordinarily work with secure connections, because a fraudulent certificate would be detected as counterfeit and the connection dropped, it is possible in this instance because the bug in the code renders the apps unable to check the security certificate.

The report reveals that although AFNetworking fixed the flaw three weeks ago with the latest version, 2.5.2, the problem still affects some 1,500 iOS apps on the earlier 2.5.1 version introduced in January.

To be on the safe side and confirm whether you are using any of the 1,500 affected apps, use the search tool developed by SourceDNA.
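For developers, a complementary check on their own projects, added here as an example (not code from SourceDNA or AFNetworking): it scans CocoaPods Podfile.lock content for the 2.5.1 release named in the report. It assumes the app pulls AFNetworking in through CocoaPods; the function names and the sample lockfile are constructed for illustration.

```python
import re
from pathlib import Path

# Versions taken from the article: 2.5.1 carries the bug, 2.5.2 fixes it.
VULNERABLE = (2, 5, 1)
FIXED = "2.5.2"

# A resolved pod in Podfile.lock looks like "  - AFNetworking (2.5.1):".
# Dependency constraints are indented by four spaces and are not matched.
POD_LINE = re.compile(r"^  - (AFNetworking(?:/\S+)?) \(([^)]+)\):?\s*$")

def parse_version(text):
    """Turn '2.5.1' into (2, 5, 1); return None for non-numeric input."""
    parts = text.strip().split(".")
    return tuple(int(p) for p in parts) if all(p.isdigit() for p in parts) else None

def audit_lockfile(text):
    """Return [(pod, version, verdict)] for AFNetworking entries under PODS."""
    findings, in_pods = [], False
    for line in text.splitlines():
        if line and not line.startswith(" "):  # top-level key, e.g. PODS:
            in_pods = line.strip() == "PODS:"
            continue
        match = POD_LINE.match(line) if in_pods else None
        if match:
            pod, version = match.groups()
            hit = parse_version(version) == VULNERABLE
            findings.append((pod, version, "VULNERABLE" if hit else "OTHER"))
    return findings

def audit_tree(root):
    """Scan every Podfile.lock under root; map path -> vulnerable entries."""
    report = {}
    for lock in Path(root).rglob("Podfile.lock"):
        found = audit_lockfile(lock.read_text(encoding="utf-8"))
        bad = [f for f in found if f[2] == "VULNERABLE"]
        if bad:
            report[str(lock)] = bad
    return report

# Constructed sample lockfile (not taken from any real app).
SAMPLE_LOCK = """PODS:
  - AFNetworking (2.5.1):
    - AFNetworking/Security (= 2.5.1)
  - AFNetworking/Security (2.5.1)
  - SomeOtherPod (1.0.0)

DEPENDENCIES:
  - AFNetworking (~> 2.5)
"""

if __name__ == "__main__":
    for pod, version, verdict in audit_lockfile(SAMPLE_LOCK):
        print(f"{pod} {version}: {verdict} (fixed in {FIXED})")
```

Entries reported as OTHER are simply not the 2.5.1 release; the article does not say which other versions, if any, are affected.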

- Source: SourceDNA | More details: Ars Technica

Source: https://wccftech.com/afnetworking-ssl-bug-makes-1500-ios-apps-at-risk-of-mitm/

Posted by: kirkconsel.blogspot.com
