Apple has fixed a security problem that had existed for some time in its App Store application on iOS (iPhone, iPod Touch, iPad). In July 2012, Google researcher Elie Bursztein found and reported to Apple numerous vulnerabilities in its App Store app, which arose because the app used unencrypted communications to talk to Apple’s servers. This left users vulnerable to Man-in-the-Middle (MitM) attacks that could allow an attacker to steal passwords or other information. Apple has now announced that it is using HTTPS to communicate between the App Store app and its servers, and Bursztein has taken the opportunity to show how various attacks could have been carried out from a MitM position.
As well as the obvious password stealing attack – carried out by injecting a script into the software updates page that generates a fake dialog requesting a password – Bursztein shows how an attacker could trick users into buying apps, push fake upgrades, prevent apps from being installed, or see which apps are installed. The last of these doesn’t appear to be that important, but Bursztein points out that the selection of apps could reveal which bank or other services the victim uses.