Security researchers and entrepreneurs Adi Sharabani and Yair Amit disclosed details about a widespread vulnerability affecting Apple’s iOS applications that would allow attackers to redirect app communications to servers under their control through HTTP hijacking.
The researchers revealed the URL caching vulnerability in a session at the RSA Conference Europe in Amsterdam. The flaw is so widespread that the pair decided it would be too difficult to approach each application developer individually, and so they hope their RSA talk will get the word out more swiftly.
“We rely so much on our iPhones, and we rely on the apps in there and think of the app as something solid. It makes you think: When you read the news this morning, did you read the real news or was it just fake information that the attacker is sending to you?” Amit said.
The researchers have made simple code available that would mitigate the vulnerability in iOS applications; it can be accessed on their blog.
The researchers say growing awareness of application security as a primary attack vector should inspire better coding practices, but progress is slow.
“What I foresee — and I already see the trend getting larger — is that there will be problems with application code in mobile devices. I think Apple and Google have done a great job, but again, it’s just inevitable. Coding problems always happen, and they have security implications,” Amit said.