Today's Hard|Forum Post
Today's Hard|Forum Post

Friday March 08, 2013

Apple Finally Fixes App Store Password Flaw

Let's see, the company was informed of the vulnerability last July, but it wasn't fixed until today. I'd say that's pretty quick for Apple. wink

Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enabled HTTPS to protect users. This post discuss the vulnerabilities I found. As a bonus, I made several video demos of the attacks described in this post so you can see by yourself how dangerous not having full HTTPS is.