Apple’s App Store vulnerability has been in news for a while, and although the problem has been overshadowed by other different issues, a fix was still was still pending for the vulnerability. Now it seems like Apple has taken a serious note of it and there’s more to follow up on that.

Follow us

Per reports, Apple has eventually fixed a certain security flaw in its application store that for has allowed attackers to steal passwords and install unwanted or extremely expensive applications for some time now.

The problem in the App Store was first noticed back in July when a security researcher at Google discovered a boatload of vulnerabilities in Apple's App Store that grew bigger due to Apple's failure to implement HTTPS encryption.

However, six months later, Apple finally started making use of HTTPS in the App Store (as mentioned in the 2013-01-23 update), and now Elie Bursztein, the researcher, has recently released his findings and the issues that could have created a massive upset for iOS users if the exploits became widely utilized.

“Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enabled HTTPS to protect users,” Elie Bursztein states in his blog. “This post discuss the vulnerabilities I found. As a bonus, I made several video demos of the attacks described in this post so you can see by yourself how dangerous not having full HTTPS is.”

Basically, the flaw came into being because Apple didn’t use encryption when an iPhone or other mobile device tried to connect to the App Store. What that meant is that an attacker could hijack the connection.

Moreover, in addition to a security flaw, the unencrypted connections also created privacy vulnerability as the complete list of applications installed on the device were disclosed over Wi-Fi.

“An Apple representative declined to respond to questions from CNET this morning, including a query about why it took so long to fix this particular vulnerability,” CNET wrote.

Join Our Conversation

Smartphones

LG to launch always-on, voice-controlled smartphone next year

BlackBerry Q10 arriving on AT&T on June 21

HTC unleashes Butterfly S: Price, specs, availability

Huawei wants to acquire Nokia, calls Windows Phone "weak"

Tablet / Laptop / PC

Microsoft Surface RT 2 to rock Qualcomm 800 chip, Windows 8.1

AT&T Galaxy Note 8.0 LTE costs $399.99 on contract, $199.99 with smartphone bundles

Chromebooks land on Walmart, more retailers to get it soon

Apple's next iPad mini 7.9 inch Retina display will be Samsung-made

Gadgets

Nintendo 3DS outsold Microsoft Xbox 360 in the U.S.

AMD moves from Intel's x86 platform to ARM for servers

OUYA team and E3 organizers battle over parking lot space

Sony PlayStation 4 to be available at $399 at the end of this year

OS / Software

PS3 latest software update 4.45 bricking the consoles

Android 4.2.2 Jelly Bean update for Sony Xperia Z spotted in video

Windows Phone 8 GDR2 update reportedly coming in July

iOS 7 Beta comes with a bug that opens the lock screen to access photos [Video]

Internet / Social Media

Microsoft Socl adds meme generator and GIF creator

What to expect from Facebook's June 20 event

WWDC 2013: OS X 10.9 Mavericks Safari is going to help you extend battery life

Samsung Galaxy S3 browser bug spikes data usage, slows loading times

What's App

Microsoft paying app developers up to $100,000 to bring content to Windows Phone 8

Windows 8.1 brings newly updated Xbox Music app

Instagram may add video on June 20 to challenge Twitter's Vine

Microsoft Office now available for iPhones, but there's a catch