With l 8217; # & last update of iOS Apple would have fixed a security flaw exists in the # & 8217;App Store reported six months ago.
The matter was reported to 8217; # & Californian company by Elie Bursztein, a researcher specializing in the security sector at Google, six months ago, but it seems that the problem has been solved by Apple only with l # & 8217; last updated for iOS, at least according to an article published on the blog of researcher. This flaw could be used on any public Wi-Fi network and allowed to run a series of attacks, listed by Busztein on his blog:
- Steal password: fool l # & 8217; user prompting him to reveal his or her password by using the update notification mechanism to insert a false alert at launch of # & 8217;App Store;
- Exchange applications: 8217; # & l user to install/buy a 8217; # & app chosen by the attacker rather than what 8217; # & l user wanted to buy/install. And 8217; # & can swap a & # 8217; free app with a fee;
- Fake app update: fool l # & 8217; user to install/buy a 8217; # & app choice by inserting fake updates malicious applications or manipulating existing updates;
- Prevent 8217; # & app installation: prevent the 8217; # & user install/update a 8217; # & app hiding it from & # 8217;App store or tricking the 8217; # & app into believing he already installed;
- Privacy issues: the update mechanism of 8217; # & application lists in the list of installed apps on the device.
According to 8217; # & experienced all these attacks are made possible by the lack of HTTPS encryption all & # 8217; # & 8217 inside;App Store, but with l 8217; # & last update Apple has implemented this Protocol, rather than the fact that someone could exploit the flaw to illegal actions all 8217; # & obscure 8217; # & dell user.
Source: AppAdvice
Source From IosDroid.net
No comments:
Post a Comment