 |
| English: A black version of an emblem used by iOS app developers to indicate that something is available for download from the App Store. It has a image of an iPhone and reads "Available on the App Store". (Photo credit: Wikipedia) |
A security Flaw was in Apple iOs store from years which allowed
attackers to steal the passwords and could install unwanted or expensive
applications and this Flaw was founded by a Google developer Elie Bursztein
and he helped Apple to fixed that security Flaw in their application store.
Actually this
Flaw allow attackers to Hijack the connection, because Apple always neglected
to use the encryption when iPhone or any other mobile phone tries to connect to
the App store.
Elie Bursztein
also said in his blog that after this flaw he alerted the Apple but the Apple
only turned on the HTTPS for the app store.
What is Process of this Flaw?
We can tell
you in short that how it can be done , An attacker only should be on the same
network on which victim is and from there attacker can intercept the communications
and insert his own commands.
What can Attacker do more?
- Steal the Passwords
- Forcing to purchase an app by swapping it with a different app that the buyer actually intented to get or by showing fake app updates
- Prevent the victim to install an app
