A Google developer helps Apple to fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.
Security loophole allowed attacker to hijack the connection, because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store.
Researcher Elie Bursztein revealed on his blog that he had alerted Apple of numerous security issues last July but that Apple had only turned on HTTPS for the App Store last week.
An attacker only needs to be on the same network as the person who is using the App Store. From there, they can intercept the communications between the device and the App Store and insert their own commands.
The malicious user could take advantage of the unsecure connection to carry out a number of different attacks i.e steal a password, force someone to purchase an app by swapping it with a different app that the buyer actually intended to get or by showing fake app updates, prevent a person from installing an app by making it disappear from the App Store or force the App Store to show the entire list of apps installed on a device.
Bursztein has posted some videos that show the App Store holes in action, a couple of which can be found below:
He said that he alerted Apple to his findings back in early July of 2012, and Apple only turned on HTTPS encryption at the end of January and even the App Store existed for years without having HTTPS encryption.
