Remember the good ol' days when people insisted Apple products were totally secure and free from security concerns? Ignorance, as they say, is bliss, because these days there are more vulnerabilities than you can shake a stick at. Case in point, an apps vulnerability that lets hacker bypass HTTPS security to steal sensitive information.
According to analytics firm SourceDNA, the problem can be traced back to open source code library AFNetworking. Version 2.5.1, which was released in January, included a bug that could let someone skip a validation check and access an iOS device on the same Wi-Fi network. Then all they have to do is present a fake SSL certificate which would let them easily decrypt HTTPS data.
Version 2.5.2 was released three weeks ago, but a number of iOS apps are still using the old insecure code. Apparently that includes big names like Uber, Movies by Flixster, and Alibaba. SourceDNA has contacted apps developers directly, and a number of major companies have apparently made changes to their apps. That said, a lot of apps are still exposed.