Not particularly surprised
After all they say themselves that "AFNetworking is a delightful networking library for iOS and Mac OS X".
Some 25,000 iOS apps are exposed to man-in-the-middle attacks thanks to vulnerabilities in the popular AFNetworking library. The now-fixed Secure Sockets Layer (SSL) bug is the latest found in the library which has been patched three times since March. US firm SourceDNA says the flaw existed in code that was near a previous …
So... as an IT dude who probably has some influence over iOS things.
What should I do? While I could go and learn how to audit iOS things and check if my frontend folks are using AFNetworking in a vulnerable version, wouldn't it be easier to just make cert pinning a reality?
Somehow both these possibilities are kinda out of my reach right now due to me working in a large international type enterprise company in a sector similar to the examples linked in the article (hence me asking this as anon).
Oh dearest commentards, please enlighten me. Is this the kind of problem that warrants me writing an email to our corporate security mail or not? I have written plenty of those and don't want to seem pesky over petty issues.
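For the "make cert pinning a reality" option raised above, here is an added example (not code from the article or from any commenter) of how an AFNetworking client is configured to pin a bundled certificate and to validate the hostname explicitly rather than relying on library defaults. It assumes the AFNetworking 2.6+/3.x `AFSecurityPolicy` API (where `pinnedCertificates` is an `NSSet`); the certificate filename and host are placeholders.

```objectivec
// Added example, not code from the article or its commenters.
// Assumes AFNetworking 2.6+/3.x (AFSecurityPolicy, AFHTTPSessionManager) and a
// DER-encoded server certificate bundled as "api-example-cert.cer" (placeholder name).
#import <AFNetworking/AFNetworking.h>

static AFHTTPSessionManager *PinnedSessionManager(void) {
    // Load the DER certificate shipped inside the app bundle (placeholder filename).
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"api-example-cert"
                                                         ofType:@"cer"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    NSAssert(certData != nil, @"pinned certificate missing from bundle");

    // Pin on the whole certificate. AFSSLPinningModePublicKey is the alternative
    // when the key pair is kept across certificate renewals.
    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
    policy.pinnedCertificates = [NSSet setWithObject:certData];

    // Set both checks explicitly instead of trusting whatever the library version
    // defaults to: reject untrusted chains and require the hostname to match.
    policy.allowInvalidCertificates = NO;
    policy.validatesDomainName = YES;

    AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc]
        initWithBaseURL:[NSURL URLWithString:@"https://api.example.com"]]; // placeholder host
    manager.securityPolicy = policy;
    return manager;
}
```

A connection to a server presenting any certificate other than the pinned one, or a matching certificate for the wrong hostname, fails at the TLS handshake instead of reaching the request handler.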
So 25,000 apps, with who knows how much economic value in the apps themselves as well as the information transferred through them, which must be at least in the hundreds of millions of dollars per year, all of it flowing through a library maintained by an independent open-source developer.
Meanwhile, in other news, Apple is sitting on $187 billion in cash they don't know what to do with.
I'm not an economist, but this chronic situation shows some serious misallocation of resources in the economy. It can't go on like this: private industry needs to recognize the importance of open-source software and support it for real. Not these pathetic one-time grants like the Linux Foundation is doing; serious billion-dollar-level investments need to be made by industry. These are serious issues that affect millions of paying customers.
Biting the hand that feeds IT © 1998–2021