Monday, March 11, 2013
In the App Store eliminated multiple vulnerabilities
Security researcher Elie Bursztein in his blog said the company Apple, after more than half a year, eliminated multiple vulnerabilities in the iOS-application for the App Store.
Also, according to Burstein App Store started to work over HTTPS, preventing the possibility of pre-existing stealing passwords from users of Internet resources, as well as plants without their knowledge paid applications.
According to the developer Google, the existence of gaps Corporation reported in July of last year, but during this time the protocol was not used, and clients are potentially dangerous.
The researcher said that the attacks were aimed at capturing and manipulating vulnerable network traffic. To conduct attacks attackers could use public Wi-Fi-network, and in order to carry out the attack, they had to just be in the same network as the victim.
Abusing lack encrypted connection HTTPS, hackers could steal passwords, forcing customers to buy fake Apple applications or replace free content paid. In addition, attackers can force the user to install a fake application upgrades or improvements to manipulate existing content, and steal confidential data of the victims.
Apple finally turns HTTPS on for the App Store, fixing a lot of vulnerabilities: http://elie.im/blog/web/apple-finally-turns-https-on-for-the-app-store-fixing-a-lot-of-vulnerabilities/