1 comment

[ 4.6 ms ] story [ 9.3 ms ] thread
Recently, the popular iOS open-source library AFNetworking had a critical flaw in its SSL implementation. A coffee shop attacker using the same WiFi network as you could intercept and intrude on any vulnerable app's traffic using a standard web proxy.

At SourceDNA, we've been scanning apps from the appstores, identifying the libraries they're using and tools they were built with. It's really cool to have a searchable database of millions of apps at your fingertips, along with in-depth code analyses like their callgraphs. This made it easy for us to look up which apps were using AFNetworking and, in particular, the vulnerable version of AFNetworking (2.5.1).

We have released a new service, Searchlight, which allows developers to look up their apps to see if they're vulnerable to this flaw. You can also enter your email address and we'll continue to monitor your apps and send you future vulnerabilities SourceDNA finds. (Yes, we've already got more flaws in the queue to tell you about!)

http://searchlight.sourcedna.com

I'm happy to answer questions here about how this works or what we can do. Thanks.