In July 2012, a Google security researcher discovered a vulnerability in the iOS App Store which came from Apple"s failure to properly implement HTTPS encryption. Now, over 6 months later, Apple has finally started using the HTTPS protocol for the App Store, stemming the potential flow of exploits that could"ve plagued iOS users.
Elie Bursztein, who originally uncovered the exploit, has taken to his blog with the news that Apple has updated the App Store to properly implement HTTPS, saving iOS users from harm. If Apple had not properly implemented HTTPS, or had failed to act, anyone could potentially access iOS user"s passwords, force users to download different apps from the ones they intended, manipulate app updates so that users install app without knowing and prevent users from downloading apps altogether. If a hacker could force someone to download an app, they could force them to spend money on something they didn"t want. These hacks require the user and hacker to be on the same Wi-Fi network, but that is common in places such as cafés and airports which have open-access Wi-Fi. Once a hacker gets control of an iTunes password, they can cause a lot of damage, as Wired writer Mat Honan found.
It is especially surprising that Apple left the potential vulnerability open for so long, even after Bursztein alerted Apple to it back in July 2012. However, no-one has ever reported that hackers accessed their account through this method.
Source: Elie Bursztein | Image via TechSpot