iOS applications have a serious security problem: here are the details


Apple presents iOS as the most secure operating system on the planet, and judging by the complaints of US prosecutors, the American company has done a very good job of protecting its users and the data they store on their devices. That does not mean, however, that everyone should feel safe.

Unfortunately, it seems that a version of the AFNetworking networking library, used in a multitude of applications available in the App Store, has a serious security problem that allows hackers to intercept the data our applications transmit to the developers' servers, even when the transfer is made over HTTPS.

The vulnerability was discovered by the security company SourceDNA. It allows hackers to steal user data: usernames and passwords for various online accounts, bank information for mobile or online payments, and almost any other kind of data transferred from applications to the developers' servers.

To exploit the bug, attackers on a coffee shop Wi-Fi network or in another position to monitor the connection of a vulnerable device need only present it with a fraudulent secure sockets layer certificate. Under normal conditions the credential would immediately be detected as a counterfeit, and the connection would be dropped. But because of a logical error in the code of version 2.5.1, the validation check is never carried out, so fraudulent certificates are fully trusted.

Although AFNetworking has been updated and the problem has been solved, it seems that more than 1500 App Store applications have not yet been updated. Users of those applications risk having their data intercepted by hackers at any time, so you have to protect yourself.

To help users quickly find out whether their favorite applications are affected by this vulnerability, SourceDNA analyzed the 1.4 million applications in the App Store and created a special database, accessible through this page, where we can search for our favorite applications.
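Developers can run the equivalent check on their own project by looking for the affected release in the dependency lockfile. The script below is an added example, not code from the original article or from SourceDNA; it assumes the app pulls in AFNetworking through CocoaPods (`Podfile.lock`), and it flags only version 2.5.1 because that is the only version the article names.

```python
import re

VULNERABLE_VERSION = "2.5.1"  # the only affected version the article names

# Resolved pods sit at two-space indent under "PODS:"; names containing
# special characters are quoted together with their version.
POD_LINE = re.compile(r'^  - "?([^\s"(]+) \(([^)]+)\)"?:?\s*$')

# Constructed sample lockfile (ExamplePod and AFNetworkingHelper are made up).
SAMPLE_LOCK = """\
PODS:
  - AFNetworking (2.5.1):
    - AFNetworking/Security (= 2.5.1)
    - AFNetworking/Serialization (= 2.5.1)
  - AFNetworking/Security (2.5.1)
  - AFNetworking/Serialization (2.5.1)
  - AFNetworkingHelper (2.5.1)
  - ExamplePod (1.0.0)

DEPENDENCIES:
  - AFNetworking (~> 2.5)
  - ExamplePod
"""

def resolved_pods(lockfile_text):
    """Return {pod_name: version} for entries of the PODS section only."""
    pods, in_pods = {}, False
    for line in lockfile_text.splitlines():
        if line and not line.startswith(" "):   # a top-level section header
            in_pods = line.strip() == "PODS:"
        elif in_pods:
            match = POD_LINE.match(line)
            if match:                           # skips 4-space constraint lines
                pods[match.group(1)] = match.group(2)
    return pods

def find_vulnerable_afnetworking(lockfile_text):
    """List AFNetworking pods and subspecs resolved to the affected version."""
    return sorted(
        name for name, version in resolved_pods(lockfile_text).items()
        if name.split("/")[0] == "AFNetworking" and version == VULNERABLE_VERSION
    )

if __name__ == "__main__":
    for pod in find_vulnerable_afnetworking(SAMPLE_LOCK):
        print(f"{pod} is resolved to {VULNERABLE_VERSION}: update AFNetworking")
```

An empty result only covers pods resolved by CocoaPods; a copy of the library added to the project by hand would not appear in the lockfile.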

If your application does not transmit confidential data to any server, you do not need to worry, because the simple retrieval of information is not dangerous. You must be vigilant, however, about applications that have been designed to store and transmit confidential data.