1.5K Apple apps vulnerable to eavesdropping, researchers find

About 1,500 applications for iPhones and iPads contain a vulnerability that could allow hackers to intercept protected communications, according to research released on Monday.

The security weakness was discovered in iOS device programs ranging from Citrix OpenVoice Audio Conferencing to Movies by Flixster with Rotten Tomatoes. The problem was built into the apps through an open-source code library that enables networking capabilities, according to reports.


The discovery by SourceDNA, which analyzes mobile applications, underscores the risk of security flaws when there is a weakness in open-source code used by app developers.

While Yahoo, Microsoft and Uber have reportedly fixed the bug in their applications, there are about 1,500 more services that have not, Ars Technica reported.

To exploit the flaw, a hacker need only log on to a communal Wi-Fi network and present a target’s device with a fraudulent encryption certificate. If the target has one of the insecure apps installed, the hacker could then intercept Web traffic that is supposed to be encrypted.

Users can find out if their applications are vulnerable through a search tool created by the researchers.