Several South African iOS apps vulnerable
SourceDNA has released a report titled “AFNetworking Strikes Back: 25,000+ Apps”, which highlights that over 25,000 iOS apps are exposed by a security flaw (fixed about a week ago) in a commonly used networking library. I originally wrote about it in the post “Most used South African iOS apps affected by MiTM security flaw” a few days ago.
The latest flaw exposes a number of local iOS applications (many of which deal with financial information):
- 22seven (24.4.2015 14:00 – developer will release update)
- Discovery (24.4.2015 15:47 – false positive according to developer)
- Old Mutual
- Snapscan (24.4.2015 14:00 – false positive according to developer)
- Standard Bank
Although it should be the responsibility of application developers to ensure that their apps are secure and libraries are up to date (it’s really not that difficult to follow the AFNetworking changelog), I reached out to the publishers of the apps and only two acknowledged receipt of my message to them. The vulnerability of the MiTM attack vector has been widely publicised and should not be news to any of the above publishers.
To mitigate any exposure or MiTM attack, I suggest that you check via SourceDNA whether the affected apps have been patched and download updates as soon as possible. Considering that Apple takes several days to approve application updates, I suggest that you do not use the exposed apps on public networks / WiFi hotspots.