Some 25,000 iOS apps are exposed to man-in-the-middle attacks thanks to vulnerabilities in the popular AFNetworking library. The now-fixed Secure Sockets Layer (SSL) bug is the latest found in the library which has been patched three times since March. US firm SourceDNA says the flaw existed in code that was near a previous …

  1. Dan 55

    Not particularly surprised

    After all they say themselves that "AFNetworking is a delightful networking library for iOS and Mac OS X".

  2. Anonymous Coward

    Oh unwashed masses of El Reg readersh^H^H^H^H^H^H^H^Hcommentards enlighten me

    So... As an IT dude that probably has some influence over iOS things.

    What should I do? While I could go and learn how to audit iOS things and check if my frontend folks are using AFNetworking in a vulnerable version, wouldn't it be easier to just make cert pinning a reality?

    Somehow both these possibilities are kinda out of my reach right now due to me working in a large international type enterprise company in a sector similar to the examples linked in the article (hence me asking this as anon).

    Oh dearest commentards, please enlighten me. Is this the kind of problem that warrants me writing an email to our corporate security mail or not? I have written plenty of those and don't want to seem pesky over petty issues.
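
For readers wondering what "making cert pinning a reality" looks like in practice: below is an added example (not code from this thread or from the AFNetworking project) of an AFNetworking client configured with a hardened AFSecurityPolicy. It assumes the app bundle ships the server's certificate as one or more .cer files, that the AFNetworking version in use provides +[AFSecurityPolicy certificatesInBundle:], and the host api.example.com is a placeholder.

```objc
// Added example, not part of the original thread or the AFNetworking project.
// Assumptions: the app bundle contains the server's .cer file(s), and the
// AFNetworking version in use offers +certificatesInBundle: (2.5.x / 3.x).
#import <AFNetworking/AFNetworking.h>

// Builds a session manager whose TLS evaluation is pinned to the server's
// public key and whose validation settings are stated explicitly rather than
// inherited from whatever the library's defaults happen to be in this release.
static AFHTTPSessionManager *PinnedSessionManager(void) {
    // Public-key pinning survives certificate renewal with the same key pair
    // and fails closed when an interceptor presents a different key.
    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];

    // Never accept an invalid or untrusted chain, and always check that the
    // certificate's name matches the host we are actually talking to.
    policy.allowInvalidCertificates = NO;
    policy.validatesDomainName = YES;

    // The set of certificates to pin against, loaded from the .cer files
    // bundled with the app (label: assumed to be present in the bundle).
    policy.pinnedCertificates =
        [AFSecurityPolicy certificatesInBundle:[NSBundle mainBundle]];

    // Placeholder base URL; substitute the real API host.
    NSURL *base = [NSURL URLWithString:@"https://api.example.com/"];
    AFHTTPSessionManager *manager =
        [[AFHTTPSessionManager alloc] initWithBaseURL:base];
    manager.securityPolicy = policy;
    return manager;
}
```

Two points worth keeping in mind when deploying this: a policy object only helps if the library code that evaluates it is sound, so pinning complements keeping AFNetworking at a patched version rather than replacing the version check the commenter would like to avoid; and pinning to a key or certificate means a rotation on the server side has to be coordinated with an app update, or the app will (correctly) refuse to connect.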



  3. Anonymous Coward

    The story of the internet... again

    So 25,000 apps, with who knows how much economic value in the apps themselves as well as the information transferred through them, which must be at least in the hundreds of millions of dollars per year, all of it flowing through a library maintained by an independent open-source developer.

    Meanwhile, in other news, Apple is sitting on $187 billion in cash they don't know what to do with.

    I'm not an economist, but this chronic situation shows some serious misallocation of resources in the economy. This can't go on like this - private industry needs to recognize the importance of open-source software and support it for real, not these pathetic one-time grants like the Linux Foundation is doing, but serious billion-dollar-level investments need to be made by industry - these are serious issues that affect millions of paying customers.

  4. Kurt 4

    got what they deserve

    That's what Bank of America deserves for canceling their Windows Phone app. Glad I moved on to Ally and Wells Fargo banks. Life's much better now.

