
New iOS Bug Targets 1,500 Apps, Exposes iPhones & iPads To Hacking

A cybersecurity firm discovered a new iOS bug that makes it easy for hackers to steal users’ private information and banking data.

A “major security flaw” in the form of an iOS bug has been identified by cybersecurity firm SourceDNA in a piece of networking software that could potentially leave users of about 1,500 iOS applications vulnerable to hacking.

“Man-in-the-middle attack”

The iOS bug was spotted by SourceDNA, an analytics company which reports that Microsoft, Uber, Citrix and Yahoo are among the companies with the flawed software code in one or more of their apps, leaving millions of Apple device users exposed to cyber attacks.

According to research published by SourceDNA on Monday, a multitude of iOS apps remain vulnerable to man-in-the-middle attacks that can expose HTTPS-encrypted data.

“The proverbial coffee shop attacker could easily bypass SSL and see all your app’s user credentials and banking data,” the company wrote on its blog.

To exploit the bug, hackers who have access to a public network, such as a coffee shop Wi-Fi network, can monitor the connection of a vulnerable device. They only need to present it with a fraudulent Secure Sockets Layer (SSL) certificate. Tech site 9to5Mac.com further explains that a man-in-the-middle attack allows fake Wi-Fi hotspots to intercept data from devices connecting to them. This method usually wouldn’t work with secure connections, since the fake hotspot would not have the correct security certificate. However, the newly discovered iOS bug causes these vulnerable apps to fail to check the certificate.

Vulnerable iOS apps

The security flaw was actually identified by SourceDNA last month. It has been fixed via an update to the open-source code containing the vulnerability. The problem arises when app developers fail, or have yet, to update to the newer version.

Ars Technica reported that approximately two million iOS users have installed the vulnerable applications, which include Citrix OpenVoice Audio Conferencing, Movies by Flixster with Rotten Tomatoes, the Alibaba.com mobile app, and KYBankAgent 3.0, among others. Initially, SourceDNA kept the names of the affected apps private to give developers time to update. Now, the firm has provided a search tool that lets iPhone and iPad users check which apps are vulnerable to the iOS bug.


Photo Credit: Pavlina Jane via Flickr
