Malicious code in iOS applications

Will Strafah analyzed related to the IOS applications that are vulnerable to interception quiet (normal) TLS-protected during use of the data. During testing, he confirmed about 76 popular IOS software applications allow a silent man in the middle, to be performed on the compounds which are to be protected TLS (HTTPS), which allows the interception and / or manipulate data in motion.

There are many potential locations along the network path for this class of vulnerability to exploitation for the purpose of intercepting the data. The author describes in detail the methods of attack. From the list of Cisco IOS software applications that are vulnerable to this attack, but represent a low risk for the end user, if intercepted data, can be found here. If you have questions or you need any mobile research app, you can contact the author.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.