January 26, 2021
Hot Topics:

Researcher: iOS Apps Are Handling TLS Certificates Incorrectly

  • By Developer.com Staff

Will Strafach, CEO of Sudo Security Group, says that he has found 76 iOS apps that are handling Transport Layer Security (TLS) certificates improperly, potentially allowing attackers to intercept user data. He says that some of the apps belong to "banks, medical providers, and other developers of sensitive applications." In all, the vulnerable apps have been downloaded 18 million times.

Apple requires mobile development firms to encrypt data using TLS, but Strafach says same apps are accepting invalid TLS certificates. Strafach is attempting to contact the developers involved in order to help them update their code. "Be extremely careful when inserting network-related code and changing application behaviors," he warned. "Many issues like this arise from an application developer not fully understanding the code they’ve borrowed from the web."

View article

This article was originally published on February 7, 2017

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date