More than 25,000 iOS apps are currently facing a major security vulnerability due to a bug detected in older AFNetworking version (an open source code library that helps developers add networking capabilities to their iOS/OS X apps). The threat exposes the networking library making it easy for hacker to extract enterprise information and view encrypted data. This blog explain how you can protect and deliver better security for your iOS enterprise apps.
Hackers gaining access to iOS apps via SSL Bug
The security bug allows an attacker to hack the iOS device by switching to the same Wi-Fi network, which the user is currently logged onto, enabling the hacker to view data in transit.
It also affects Secure Sockets Layer (SSL) code in AFNetworking. This framework has been updated three times in the past six weeks, has addressed numerous SSL flaws but leaves numerous apps vulnerable to security attacks.
The latest version of AFNetworking, 2.5.3 has fixed the weakness found in the library’s domain name validation process. SourceDNA, a security firm, discovered the recurrent flaw on Friday. They shared that AFNetworking must be upgraded to 2.5.3, and should enable public key or certificate-based pinning for adding as an extra layer of defense. Although version 2.5.2 was meant to fix this issue, a flaw nearby the same code was missed.
Do you want to update your iOS apps to the latest AFNetworking version? Are you currently facing challenges to provide security for your enterprise apps?