Researchers from security firm SourceDNA have found 1500 apps in the App Store that suffer from an SSL validation issue discovered in an open source library. Although the library was only in the wild for a few weeks, it made its way into 1500 applications downloaded by over two million people.
The flaw was found in a software library called AFNetworking. Because the library did not validate SSL certificates, a man-in-the-middle attack, in which someone simply intercepts network traffic, could bypass SSL and see the user credentials used by an application. SourceDNA decided to track down apps that were using the vulnerable version of AFNetworking in order to notify developers so they could fix the problem.
It’s an interesting piece of data, and it highlights how dependent software developers are on each other.
It’s important to note that this isn’t a piece of malware introduced into the App Store. It’s a shared piece of software code that many developers used. It also highlights the importance of keeping apps up to date – something that almost everyone can do better, according to a recent report.