| English: A black version of an emblem used by iOS app developers to indicate that something is available for download from the App Store. It has a image of an iPhone and reads “Available on the App Store”. (Photo credit: Wikipedia) |
A security Flaw was in Apple iOs store from years which allowed attackers to steal the passwords and could install unwanted or expensive applications and this Flaw was founded by a Google developer Elie Burszteinand he helped Apple to fixed that security Flaw in their application store.
Actually this Flaw allow attackers to Hijack the connection, because Apple always neglected to use the encryption when iPhone or any other mobile phone tries to connect to the App store.
Elie Bursztein also said in his blog that after this flaw he alerted the Apple but the Apple only turned on the HTTPS for the app store.
What is Process of this Flaw?
We can tell you in short that how it can be done , An attacker only should be on the same network on which victim is and from there attacker can intercept the communications and insert his own commands.
What can Attacker do more?
- Steal the Passwords
- Forcing to purchase an app by swapping it with a different app that the buyer actually intented to get or by showing fake app updates
- Prevent the victim to install an app
