While security companies usually detail vulnerabilities in Android that hackers can use for malicious purposes, analytics service SourceDNA has uncovered an encryption flaw that may affect as many as 1,500 iOS applications, Ars Technica reports. Among them are some popular titles, including Citrix OpenVoice Audio Conferencing, the Alibaba.com mobile app, Movies by Flixster with Rotten Tomatoes, KYBankAgent 3.0, and Revo Restaurant Point of Sale.
The company looked at a specific vulnerability in AFNetworking, an open-source library that’s widely used by app developers to “drop networking capabilities into their apps.” The issue has already been corrected since it was discovered, and various iOS apps have been updated to include the fix. However, 1,500 apps are still at risk of exposing user data to hackers, who would be able to trick a device into believing it’s sending data on an encrypted connection.
The security flaw would allow a hacker to intercept all the SSL traffic from one of the affected apps rather easily. “Due to lack of SSL cert validation, the proverbial coffee shop attacker could easily bypass SSL and see all your app’s user credentials and banking data,” SourceDNA wrote on Monday in a post detailing the security issue.
The company scanned all of the free apps in the App Store and about 5,000 paid apps (more than 1 million titles in total), and found that about 1,500 apps are still vulnerable.
More details about this potentially harmful security issue affecting certain iPhone apps are available at the source links, including a monitoring tool that can be used to check whether certain apps are vulnerable to it.
App users can’t really do anything about the flawed app code other than wait for developers to patch the affected apps. However, users can avoid using affected apps over open, untrusted Internet connections, or uninstall the apps from their devices.