Dozens of popular iOS apps vulnerable to intercept of TLS-protected data

https://cdn.arstechnica.net/wp-content/uploads/2012/05/tack_ieft_proposal2-e1337804479106.png

While developing a tool for evaluating mobile application security, researchers at Sudo Security Group Inc. found out something unexpected. Seventy-six popular applications in Apple’s iOS App Store, they discovered, had implemented encrypted communications with their back-end services in such a way that user information could be intercepted by a man-in-the-middle attack. The applications could be fooled by a forged certificate sent back by a proxy, allowing their Transport Layer Security to be unencrypted and examined as it is passed over the Internet.

Tags: 

Read more: Dozens of popular iOS apps vulnerable to intercept of TLS-protected data

Story added 7. February 2017, content source with full text you can find at link above.