NEWS - March 11, 2013
by Carol~ - 3/11/13 7:17 AM
After leaving users exposed, Apple fully HTTPS-protects iOS App Store (Updated)
"But don't break out the bubbly yet. Apple engineers still have work to do."
For the past nine months—and possibly for years—Apple has unnecessarily left many of its iOS customers open to attack because engineers failed to implement standard technology that encrypts all traffic traveling between handsets and the company's App Store.
While HTTPS-encrypted communications have been used for years to prevent attackers from intercepting and manipulating sensitive traffic sent by online banks and merchants, the native iOS app that connects to Apple's App Store fully deployed the protection only recently. Elie Bursztein, a Google researcher who said he discovered the security hole in his spare time, said in a blog post published on Friday that he reported various iOS flaws to Apple's security team in July. His post gave no indication that the iOS app had ever fully used HTTPS, raising the possibility that this significant omission has been present for years. (Apple doesn't comment on security matters, so it's impossible for Ars to confirm the precise timeline or level of protection.)
Continued : http://arstechnica.com/security/2013/03/after-leaving-users-exposed-apple-finally-https-protects-ios-app-store/
Apple Finally Fixes App Store Vulnerabilities
Apple finally adopts HTTPS for the App Store - here's why it matters
Apple fixes App Store vulnerability after Google dev reports it
Apple belatedly patches App Store vulnerability