Six months after its discovery, Apple has finally fixed a security problem in the App Store. Before the fix, an attacker could not only gain access to user account credentials but also force the installation of applications other than those the user selected.
The App Store used unencrypted HTTP for some of its links. By exploiting this vulnerability, an attacker could steal account passwords, install fake application updates, block the download of certain content, or monitor the applications installed on the device. In effect, the attacker would have full control of the App Store on an iOS device.
The “bug” was discovered about six months ago by Elie Bursztein, who warned Apple of the dangers users were facing. The Cupertino company has reported in recent days that the problem has been solved, albeit months after its discovery, a quite remarkable delay.
From now on, all App Store content is protected by an encrypted protocol (HTTPS) by default. Cupertino’s virtual store suffered its last attack in 2010, when some users had hundreds of dollars stolen. Following that event, Apple strengthened the App Store’s security policies, which received additional security improvements in April 2012 with the inclusion of a personal question for each account.
Via | MacNN