Ios
featured
Ios
featured
Ios
PhoneDog Media Exclusive
Download iM5, now available in the App Store and Google Play. iM5 is a PhoneDog Media backed Social Platform to inspire real-life action through the crowdsourcing of ideas. See the video

Apple App Store iOS iPhone 4S

It's been revealed that Apple recently made a change to the App Store that, while it may not seem like a big deal, actually patches a large hole that was present in its storefront. Security researcher Elie Bursztein revealed today that Apple recently began serving up App Store content using an encrypted HTTPS connection, which patches a vulnerability that Bursztein originally reported to the Cupertino firm in July 2012. As a result of the patch, Bursztein has published a blog entry describing the vulnerability and explaining what it a malicious user could do with it.

Bursztein, who works at a security researcher at Google, explains that since the App Store used to serve up data over an unencrypted HTTP connection, attacks could be carried out on an unsuspecting user when connected to the same public network as him or her. The malicious user could take advantage of the unsecure connection to carry out a number of different attacks: steal a password, force someone to purchase an app by swapping it with a different app that the buyer actually intended to get or by showing fake app updates, prevent a person from installing an app by making it disappear from the App Store or force the App Store to show the entire list of apps installed on a device.

When asked about the issue, Apple declined to comment on the matter, so it's not clear exactly why it took the company several months to get it fixed up. The good news is that the situation has been addressed, though, and thankfully Bursztein reported the problem to Apple after discovering it and waited to make the hole public until it was patched. If he hadn't held off on posting the information, malicious users may have actually taken advantage of the security hole and caused quite a headache for Apple. Bursztein has posted some videos that show the App Store holes in action, a couple of which can be found below. More details on the attacks themselves can be found at Bursztein's blog.

Via CNET, Elie Bursztein, Apple


Don't forget to VOTE! Each week, PhoneDog Fans vote for their #1 smartphone in the Official Smartphone Rankings. Vote now and contribute to the industry's most relevant weekly ranking charts


Related posts



Comments & discussions  




Most popular Videos
Most popular Videos
Most popular Videos

Most popular Reactions
Most popular Reactions
Most popular Reactions

This weeks "People's Choice Rankings" best smartphones
People's Choice Rankings


See all hot devices