sourcedna.com
AFNetworking Strikes Back: 25,000+ Apps
https://sourcedna.com/blog/20150424/afnetworking-strikes-back.html
AFNetworking Strikes Back: 25,000 Apps. April 24, 2015. Remember back when 1,500 vulnerable apps. Was a big deal? How about 25,000 apps? There’s another AFNetworking SSL flaw in apps that exposes user data to any attacker with a $50 certificate. A few weeks ago, we found that version 2.5.2 did fix this issue, but there was another flaw nearby in the same code. Domain name validation could be enabled by the. The previous SSL flaw was fixed, but no one seemed to have noticed that it had been left out of th...
sourcedna.com
SourceDNA Blog
https://sourcedna.com/blog
IOS Apps Caught Using Private APIs. Oct 18, 2015. We’ve found hundreds of apps in the App Store that extract personally identifiable user information via private APIs that Apple has forbidden them from calling. This is the first time we’ve seen iOS apps successfully bypass the app review process. But, based on what we learned, it might not be the last. We found these apps while adding support to Searchlight. However, in some cases, these parameters can’t be statically resolved. Since they’re just str...
sourcedna.com
SourceDNA | Code Transparency for iOS & Android Apps, SDKs
https://sourcedna.com/about.html
We are creating code transparency. SourceDNA is creating a world where binary software is as transparent as source code, helping people who use, write, or sell code to make informed decisions. We've been growing ever since. SourceDNA's app store integration automatically scans iOS and Android apps, tracking SDK marketshare and providing sales lead generation. We also help improve code quality and security with our in-depth analysis. We continue to add to our first-class team. And provide in-depth stats.
arstechnica.com
Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks | Ars Technica
http://arstechnica.com/security/2015/04/24/critical-https-bug-may-open-25000-ios-apps-to-eavesdropping-attacks
The Rise of Specialized Databases. Sign up or login to join the discussions! Sign up to comment and more. Risk Assessment —. Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks. Just when you thought it was safe to use AFNetworking apps, a new threat emerges. Apr 24, 2015 5:00 pm UTC. Aurich Lawson / Thinkstock. 1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device? As was the case with a separate HTTPS vulnerability reported earlier this week. May expose data that's tri...