Malicious code in iOS applications

Will Strafah analyzed related to the IOS applications that are vulnerable to interception quiet (normal) TLS-protected during use of the data. During testing, he confirmed about 76 popular IOS software applications allow a silent man in the middle, to be performed on the compounds which are to be protected TLS (HTTPS), which allows the interception and / or manipulate data in motion.

 

There are many potential locations along the network path for this class of vulnerability to exploitation for the purpose of intercepting the data. The author describes in detail the methods of attack. From the list of Cisco IOS software applications that are vulnerable to this attack, but represent a low risk for the end user, if intercepted data, can be found here. If you have questions or you need any mobile research app, you can contact the author.

 

More.