Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Apple has several apps from the official iOS App Store

Apple has removed mobile apps from the iOS Apple store that are installing root CA certificates that enable traffic to be intercepted. Apple has pulled several apps out from the official iOS App Store over SSL/TLS security concerns, this means that the security issues could allow threat actors to compromise encrypted connections between the servers […]

sourmint ios SDK

Apple has removed mobile apps from the iOS Apple store that are installing root CA certificates that enable traffic to be intercepted.

Apple has pulled several apps out from the official iOS App Store over SSL/TLS security concerns, this means that the security issues could allow threat actors to compromise encrypted connections between the servers and the mobile devices and monitor users’ data.

“We have removed a “few” apps from the iOS App Store that could install root certificates and allow monitoring your data.” Apple states in an officially advisory.

The mobile apps removed from the Apple store are installing root CA certificates that enable traffic to be intercepted without the user’s knowledge. Any app that installs a CA certificate represents a serious threat to users’ privacy, the practice is used by hacker to hijack traffic and syphon user’s credentials, personal information and credit card data.

apple safari browser 2 ios app store

Apple hasn’t disclosed the name of the apps that had been pulled off the store, but it is known that ad blockers are among those applications that make use root certificates.

“While today’s mobile platforms are harder to crack and exploit, abusing or misusing the trust in CAs and certificates is a ripe opportunity for exploit,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “The OnStar hack to lock/unlock and start/stop GM cars was possible because the GM app did not properly validate security certificates. These developments are why new methods of security—like certificate reputation—that can evaluate if a CA or TLS certificate deserves to be trusted are increasingly becoming popular.”

Apple is giving instructions forHow to delete an app that has a configuration profile on your iPhone, iPad, or iPod touch,” on the official support page.

To remove an app and its configuration profile, follow the steps provided by Apple.

  1. Delete the App.
    • Tap and hold on the app until it jiggles.
    • Then tap   in the upper-left corner of the app to delete it. If you see a message that says, “Deleting [app name] will also delete all of its data,” tap Delete.
  2. Delete the configuration profile that came with the app.
    • Go to Settings > General > Profile, tap on the app’s configuration profile.
    • Then tap Delete Profile. If asked, enter your device passcode, then tap Delete.
  3. Restart your iPhone, iPad, or iPod touch.

Pierluigi Paganini

(Security Affairs – Mobile App, Apple iOS)