Networking flaw opens ‘millions’ of iOS app users to data theft

Around 1,000 iOS apps are affected by a weakness in their mobile security which can make it easy for attackers to access encrypted data like passwords, bank account numbers and home addresses as they are being sent over the airwaves, according to a report from security firm SourceDNA.

Companies including Microsoft, Uber and Yahoo all released apps affected by the flaw – they have now fixed them but many others still have not updated their apps to a new secure version.

The affected apps all share the same code, available for free to help developers incorporate encryption into their programmes. Called AFNetworking, the code library was revealed to have a flaw in its implementation of SSL, the web security technology that allows sensitive data to be exchanged over the net. It was introduced in January, and fixed in late March, but 1,000 or so apps are still running the vulnerable version.

An unknown number of apps running the vulnerable version will still be safe to use, however, since the flaw is only present if the developers of the app leave a specific setting unchanged from its default.

SourceDNA scanned all the free apps, as well as the top 5,000 paid ones, available on the iOS App Store, to find apps that are still vulnerable. Out of the 1m-plus apps scanned, the firm found 100,000 which used AFNetworking; of those, 20,000 had been released since the vulnerability was introduced into the library.

“Our system then scanned those apps with the differential signatures to see which ones actually had the vulnerable code,” the company writes. “The results? 55% had the older but safe 2.5.0 code, 40% were not using the portion of the library that provides the SSL API, and 5% or about 1,000 apps had the flaw.

“Are these apps important? We compared them against our rank data and found some big players: Yahoo!, Microsoft, Uber, Citrix, etc. It amazes us that an open-source library that introduced a security flaw for only six weeks exposed millions of users to attack.” Microsoft, Uber and Yahoo have since fixed their vulnerable apps, and users should update to the latest version, but Citrix, makers of a popular conference call software solution, remain vulnerable.

The company has created an online tool for developers to check if their own apps are vulnerable, and users can check for themselves whether they use an app that is or has been affected by entering the name of the app’s publisher.

The AFNetworking vulnerability makes it easy for an attacker to crack a type of encryption called SSL. This is best known to most users as the technology that secures e-commerce transactions, typically marked with a padlock symbol in the browser bar, but it is increasingly widely used to protect user privacy against all sorts of attackers, from government eavesdroppers to identity thieves.

Without SSL, or similar encryption, internet traffic can be intercepted through a “man-in-the-middle” attack, where an attacker routes traffic through their own computers to alter or steal it. A typical scenario for such an attack would be against a customer browsing free Wi-Fi in a coffee shop; but there’s little technical difference between that and the systematic surveillance practiced by Western intelligence agencies.
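The interception scenario above only fails if the client actually verifies the server's certificate chain and checks that the certificate matches the hostname. The following added example (Python standard library, not AFNetworking code and not from the original article; all function names are hypothetical) audits a client TLS configuration for those two checks and compares a strict setup with two weakened ones.

```python
import ssl
from typing import List


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the reasons this client context would accept an interceptor's certificate."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Any certificate, including a self-signed one, is accepted.
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        # A valid certificate issued for some other domain is accepted.
        findings.append("hostname-not-checked")
    return findings


def strict_context() -> ssl.SSLContext:
    # Library defaults: chain verification and hostname matching both on.
    return ssl.create_default_context()


def no_validation_context() -> ssl.SSLContext:
    # Constructed weak configuration: traffic is encrypted but the peer is unauthenticated.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context() -> ssl.SSLContext:
    # Constructed partial configuration: chain is verified, hostname is not.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


if __name__ == "__main__":
    for name, make in [("strict", strict_context),
                       ("no validation", no_validation_context),
                       ("chain only", chain_only_context)]:
        findings = audit_client_context(make())
        print(f"{name:14} {'OK' if not findings else ', '.join(findings)}")
```

The chain-only case is the easy one to miss in review: the connection passes certificate verification, yet any validly issued certificate for an unrelated domain is enough to sit in the middle.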

Like the OpenSSL Heartbleed bug before it, which catastrophically broke millions of servers worldwide, the flaw in AFNetworking could raise questions about the longstanding assumption that open-source software (where the source code is public and can be reused freely) is inherently more secure. Despite the 100,000 apps using AFNetworking, the bug still took more than a month to be discovered.
