Earlier this week, something suspicious started happening with Web addresses related to sites seized by the FBI from Megaupload and a number of online gambling sites. Instead of directing browsers to a page with an FBI banner, they started dropping Web surfers onto a malicious feed of Web advertisements—some of them laden with malware.
At least 25,000 iOS apps available in Apple’s App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned.FURTHER READING1,500 IOS APPS HAVE HTTPS-CRIPPLING BUG. IS ONE OF THEM ON YOUR DEVICE?Apps downloaded two million times are vulnerable to trivial man-in-the-middle attacks.As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that’s trivial for hackers to monitor or modify, even when it’s protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).