Apple Finally Fixes App Store Password Flaw

HardOCP News · Mar 8, 2013

Let's see, the company was informed of the vulnerability last July, but it wasn't fixed until today. I'd say that's pretty quick for Apple.

Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enabled HTTPS to protect users. This post discuss the vulnerabilities I found. As a bonus, I made several video demos of the attacks described in this post so you can see by yourself how dangerous not having full HTTPS is.

DeathPrincess · Mar 8, 2013

They filed a patent for complaining about their app store. Now anyone that complains will face $1b fines and corrupt juries and judges. Problem solved!

dandirk · Mar 8, 2013

omg the app store was communicating in the clear? Wonder how much is actually exposed via app store traffic...

dyzophoria · Mar 9, 2013

seriously? not protecting a service like that with HTTPS?

KENNYB · Mar 10, 2013

dandirk said:
omg the app store was communicating in the clear? /QUOTE]

Ugh... no. Read the comments here for a better explanation:
http://arstechnica.com/security/201...ally-https-protects-ios-app-store/?comments=1

Apple Finally Fixes App Store Password Flaw

HardOCP News

[H] News

DeathPrincess

Fully [H]

dandirk

[H]ard|Gawd

dyzophoria

Gawd

KENNYB

2[H]4U