Google security researcher Elie Bursztein wrote on his blog that he alerted Apple to a possible attack in July last year. He pointed out that an attacker could exploit the use of HTTP to steal passwords and force the user to install a specific app instead of the one the user was looking for.
The attacker could also make users upgrade the fake apps, and they can scan these apps too. Bursztein explained the mechanism of these attacks in several videos that he published earlier this year. As the number of apps in the App Store increases day by day, it has become increasingly vulnerable to attacks from hackers.
In an Apple Web Server notifications update published on 23 February, Apple fixed the issue. Apple had earlier addressed security issues in 2010 and updated its security protocols in April 2012 as well. Users now have to answer questions to verify their identity when they sign in on a new device.