Apple’s App Store vulnerability has been in the news for a while, and although the problem has been overshadowed by other issues, a fix was still pending. Now it seems Apple has taken serious note of it, and there’s more to follow up on.
Per reports, Apple has finally fixed a security flaw in its application store that for some time allowed attackers to steal passwords and install unwanted or extremely expensive applications.
The problem in the App Store was first noticed back in July, when a security researcher at Google discovered a boatload of vulnerabilities in Apple's App Store that were made worse by Apple's failure to implement HTTPS encryption.
Six months later, Apple finally started using HTTPS in the App Store (as mentioned in the 2013-01-23 update), and Elie Bursztein, the researcher, has now released his findings and the issues that could have created a massive upset for iOS users had the exploits become widely used.
“Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enable HTTPS to protect users,” Elie Bursztein states in his blog. “This post discusses the vulnerabilities I found. As a bonus, I made several video demos of the attacks described in this post so you can see by yourself how dangerous not having full HTTPS is.”
Basically, the flaw came into being because Apple didn’t use encryption when an iPhone or other mobile device tried to connect to the App Store. What that meant is that an attacker could hijack the connection.
Moreover, in addition to the security flaw, the unencrypted connections also created a privacy vulnerability, as the complete list of applications installed on the device was disclosed over Wi-Fi.
“An Apple representative declined to respond to questions from CNET this morning, including a query about why it took so long to fix this particular vulnerability,” CNET wrote.
© Copyright 2020 Mobile & Apps, All rights reserved. Do not reproduce without permission.