mrflash818 writes: A new report from analytics service SourceDNA found that roughly 1, 500 iOS apps (with about 2 million total installs) contain a vulnerability that cripples HTTPS and makes man-in-the-middle attacks against those apps easy to pull off. “The weakness is the result of a bug in an older version of the AFNetworking, an open-source code library that allows developers to drop networking capabilities into their apps. Although AFNetworking maintainers fixed the flaw three weeks ago with the release of version 2.5.2, at least 1, 500 iOS apps remain vulnerable because they still use version 2.5.1. That version became available in January and introduced the HTTPS-crippling flaw.” Read more of this story at Slashdot.
View post:
Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps
