How One Simple iOS Vulnerability Endangers Over 76 Apps

76 – that’s how many iOS apps out there are currently laced with a security vulnerability. So, what exactly are these apps vulnerable to, you may ask? To data theft—specifically, silent man-in-the-middle attacks that allow cybercriminals to intercept and steal user data, including valuable healthcare, financial, or personal data.

So, where does this massive vulnerability come from? Despite Apple’s recent push for developers to adopt greater app security, a misconfiguration in the back-end of these apps has created a gaping security hole. This weakness even causes Apple’s ATS (App Transport Security) mechanism—a security requirement for apps to use a secure network connection over HTTPS—to interpret insecure connections as valid.

That means if a cybercriminal exploits any of the weaknesses in these dozens of apps, they can gather sensitive data that is transmitted across a network from that app. That could be anything, from healthcare data sent to your doctor, to credit card information used for your newest purchase—the possibilities are endless.

And with speculation circulating that hundreds more iOS apps could be susceptible to this same vulnerability, it’s critical that developers build a layer of security into their apps.

Until they do, here are a few tips for protecting your apps and mobile devices from data theft: 

  • Don’t share everything with your app. Until stricter security measures are enforced, keep what personal data you share with your apps to a minimum. Only share what is absolutely necessary, and be skeptical when apps are asking for more data than they should need to operate.
  • Do your homework. If you are debating inputting personal data into an app, do your research, and refer to official App Store reviews. Look into the app’s security standards, scope out app reviews—if something comes off as remotely fishy or insecure, it may be best to avoid the app entirely.
  • Avoid public Wi-Fi. A public Wi-Fi network can be the perfect spot for a cybercriminal to swipe your data, since it’s openly shared across a communal space. Do your best to stay off public Wi-Fi, but if you really need immediate internet access, use a trusted VPN (Virtual Private Network) instead.
