Apple has fixed a security problem that had existed for some time in its App Store application on iOS (iPhone, iPod Touch, iPad). In July 2012, Google researcher Elie Bursztein found and reported to Apple that there were numerous vulnerabilities in its App Store app because it used unencrypted communications to talk to Apple’s servers. This left users vulnerable to Man-in-the-Middle (MitM) attacks that could allow an attacker to steal passwords or other information. Apple has now announced that it is using HTTPS to communicate between the App Store app and its servers, and Bursztein has taken the opportunity to show how various attacks could have been carried out using a MitM.

As well as the obvious password stealing attack – carried out by injecting a script which generates a fake dialog requesting a password into the software updates page – Bursztein shows how an attacker could trick users into buying apps, push fake upgrades, prevent apps from being installed, or see which apps are installed. The latter issue doesn’t appear to be that important, but Bursztein points out that it could reveal, by the selection of apps, which bank or other services the victim uses.
