HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
Let's see, the company was informed of the vulnerability last July, but it wasn't fixed until today. I'd say that's pretty quick for Apple.
Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enabled HTTPS to protect users. This post discuss the vulnerabilities I found. As a bonus, I made several video demos of the attacks described in this post so you can see by yourself how dangerous not having full HTTPS is.