Nearly six months ago, Apple was notified of a security flaw in the App Store. The flaw was fairly serious, yet only now has Apple patched it by turning on encryption. It stemmed from the fact that when a user connected to the App Store, the connection was unencrypted.
An unencrypted connection means that an attacker can intercept the traffic between the user and the App Store and then manipulate it. Not only that, once a user connected to the App Store over Wi-Fi, the whole list of applications installed on his device would become visible on the wireless network.
An attacker could have exploited this vulnerability not only to swindle an iPhone or iPad user out of his money, but also to install really expensive or malicious apps on the victim’s device. All the attacker needed was to be connected to the same Wi-Fi network as the user.
Apple has thankfully taken care of this by securing the connection to the App Store, which is now served over HTTPS by default. The flaw was originally raised by Elie Bursztein in July last year. It is quite surprising that it took Apple this long to patch the loophole, given the belief that Apple takes the security of its ecosystem really seriously.
Nonetheless, it is good news for iOS users that they can now connect to the App Store and download apps over Wi-Fi without this security concern.
Source: Elie Bursztein