About 1,500 iOS apps have an HTTPS vulnerability leaving them open to attack, according to analytics service SourceDNA. The flaw stems from a weakness in version 2.5.1 of AFNetworking, an open-source code which provides networking capabilities for apps.
Apps containing the code may not properly validate SSL certificates, leaving users of apps like Movies by Flixster with Rotten Tomatoes and Citrix OpenVoice Audio Conferencing vulnerable to spying over public Wi-Fi networks. AFNetworking has updated version 2.5.2 to fix the issue and companies like Yahoo, Microsoft and Uber have already issued fixes for affected apps.
The full list of vulnerable apps still using version 2.5.1 has been kept private, but SourceDNA provides a search tool allowing users to see which of their apps might be affected. [via Ars Technica]