In early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. In early March, Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enable HTTPS to protect users. This post discusses the vulnerabilities I found.
Attacks included password stealing, app swapping, app fake upgrade, preventing application installation, and privacy leak, all made possible by simply intercepting and manipulating the HTML that’s being used by the App Store app.
May this be a lesson for all those offering services out there to enable SSL and route all traffic over HTTPS.