HTTPS bug in IOS may open up vulnerability to eavesdropping

NOTE: in light of my last topic I am going to make this clear: this has NOTHING to do with Apple. This DOES have to do with iOS and an open source API known as AFNetworking: go here for more info http://AFNetworking

At least 25,000 iOS apps available in Apple's App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned.

As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that's trivial for hackers to monitor or modify, even when it's protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).

Source: http://arstechnica.com/security/2015/04/24/critical-https-bug-may-open-25000-ios-apps-to-eavesdropping-attacks/

 

To anyone using an IOS device: check your apps. This vulnerability means that anyone with a valid certificate, example: someone with a valid certificate can spoof microsoft.com because AFNetworking fails to check the validity of the server, and therefore anyone in, say, an unsecured wifi spot can spoof microsoft.com.

Desktop:ryzen 5 3600 | MSI b45m bazooka | EVGA 650w Icoolermaster masterbox nr400 |16 gb ddr4  corsiar lpx| Gigabyte Aorus GTX 1070ti |500GB SSD+2TB SSHD, 2tb seagate barracuda [OS/games/mass storage] | HpZR240w 1440p led logitech g502 proteus spectrum| Coolermaster quick fire pro cherry mx  brown |
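
The failure the quoted article describes (a certificate from a trusted CA is accepted without its name being compared to the server being contacted), as an added example that is not part of the original post and is not AFNetworking's code. The certificates are constructed dicts shaped like Python's `ssl.SSLSocket.getpeercert()` output, and every name in it, including the `validate_domain_name` switch and the `.example` hosts, is hypothetical.

```python
# Added illustration: certificates are constructed dicts shaped like the
# output of ssl.SSLSocket.getpeercert(); no network access or real keys.

TRUSTED_ISSUERS = {"Constructed Public CA"}  # stand-in for the device trust store

def issued_by_trusted_ca(cert):
    """Chain check only: was the certificate issued by a CA we trust?"""
    issuer = dict(pair for rdn in cert["issuer"] for pair in rdn)
    return issuer.get("organizationName") in TRUSTED_ISSUERS

def dns_names(cert):
    """DNS entries from the certificate's subjectAltName, lowercased."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly the leftmost label."""
    p_labels = pattern.split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def accept_connection(cert, host, validate_domain_name):
    """Return True if the client would proceed with the TLS session."""
    if not issued_by_trusted_ca(cert):
        return False
    if not validate_domain_name:
        return True  # the flaw: the name on the certificate is never checked
    return any(name_matches(n, host) for n in dns_names(cert))

def make_cert(*names):
    """Constructed certificate issued by the trusted stand-in CA."""
    return {"issuer": ((("organizationName", "Constructed Public CA"),),),
            "subjectAltName": tuple(("DNS", n) for n in names)}

GENUINE = make_cert("api.bank.example", "*.cdn.bank.example")
UNRELATED = make_cert("hobby-site.example")  # valid certificate, wrong domain
SELF_SIGNED = {"issuer": ((("organizationName", "Nobody"),),),
               "subjectAltName": (("DNS", "api.bank.example"),)}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("unrelated", UNRELATED),
                        ("self-signed", SELF_SIGNED)):
        print(label,
              "| name check off:", accept_connection(cert, "api.bank.example", False),
              "| name check on:", accept_connection(cert, "api.bank.example", True))
```

With the name check off, the unrelated certificate is accepted for `api.bank.example`; with it on, only the genuine certificate passes, and the self-signed one fails in both modes because the chain check still runs.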


It's iOS, not IOS. Every time I see IOS I think of a Wii/Wii U, as that is what they called the sections of memory on the Flash chip in the Wii. (was important to know for homebrew applications) (not a huge issue OP, it just bugs me)

But it really only affects open wifi networks, which have multiple upon multiple other security risks. DO NOT use open/free wifi for doing anything important like making purchases with card #'s or viewing bank account information; it can all easily be pulled up via a WLAN chip in monitor mode and Wireshark.

"If a Lobster is a fish because it moves by jumping, then a kangaroo is a bird" - Admiral Paulo de Castro Moreira da Silva

"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown

Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1


My mistake, I was having a hard time; Lenovo's new drivers for the ThinkPad are really awful >.<

Anyways, this is pretty much common knowledge, but people tend to do this anyways, unfortunately.
