Slashdot Mirror


Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

mrflash818 writes: A new report from analytics service SourceDNA found that roughly 1,500 iOS apps (with about 2 million total installs) contain a vulnerability that cripples HTTPS and makes man-in-the-middle attacks against those apps easy to pull off. "The weakness is the result of a bug in an older version of the AFNetworking, an open-source code library that allows developers to drop networking capabilities into their apps. Although AFNetworking maintainers fixed the flaw three weeks ago with the release of version 2.5.2, at least 1,500 iOS apps remain vulnerable because they still use version 2.5.1. That version became available in January and introduced the HTTPS-crippling flaw."

1 of 73 comments

  1. ~1500 App Developers wasted their time by GrahamCox · Score: 3, Informative

    iOS has perfectly functional networking libraries and simple objects that provide an API to them. Why anyone would bother linking in a 3rd party library to replicate that functionality I can't understand. If a vulnerability were found in the iOS libraries, Apple could roll out an update and fix it overnight. As it is, that's ~1500 apps that need to be revved.