dcsimg
November 23, 2017
Hot Topics:

Researcher: iOS Apps Are Handling TLS Certificates Incorrectly

  • February 7, 2017
  • By Developer.com Staff

Will Strafach, CEO of Sudo Security Group, says that he has found 76 iOS apps that are handling Transport Layer Security (TLS) certificates improperly, potentially allowing attackers to intercept user data. He says that some of the apps belong to "banks, medical providers, and other developers of sensitive applications." In all, the vulnerable apps have been downloaded 18 million times.

Apple requires mobile development firms to encrypt data using TLS, but Strafach says same apps are accepting invalid TLS certificates. Strafach is attempting to contact the developers involved in order to help them update their code. "Be extremely careful when inserting network-related code and changing application behaviors," he warned. "Many issues like this arise from an application developer not fully understanding the code they’ve borrowed from the web."

View article


Share



Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Sitemap | Contact Us

Thanks for your registration, follow us on our social networks to keep up-to-date