At least 76 popular iOS apps have been found to be vulnerable to data interception, according to a report from a security expert.

The discovery was made by app binary code scanning service verify.ly and published in a Medium post by Sudo Security Group CEO Will Strafach, who revealed that the apps failed to make use of the Transport Layer Security protocol.

The TLS protocol secures communication between client and server. Without that protection, the apps are susceptible to data interception by an attacker with access to custom hardware such as a modified smartphone, which can be used to initiate TLS certificate injection attacks. The interception is possible regardless of whether the developers chose to use Apple's networking security feature, App Transport Security.

The truth of the matter is, this sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use. This can be anywhere in public, or even within your home if an attacker can get within close range.

There is no possible fix to be made on Apple's side, because if they were to override this functionality in attempt to block this security issue, it would actually make some iOS applications less secure as they would not be able to utilize certificate pinning for their connections, and they could not trust otherwise untrusted certificates which may be required for intranet connections within an enterprise using an in-house PKI. Therefore, the onus rests solely on app developers themselves to ensure their apps are not vulnerable.
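The app-level override described above, sketched as an added example; it is not code from the report or from any affected app. It assumes an app that uses URLSession on iOS 15 or later, and the class names and the pin value are hypothetical placeholders.

```swift
import Foundation
import Security
import CryptoKit

typealias ChallengeHandler = (URLSession.AuthChallengeDisposition, URLCredential?) -> Void

// Placeholder, not a real pin: base64 SHA-256 of the server's leaf certificate (DER).
let pinnedLeafSHA256 = "REPLACE_WITH_BASE64_SHA256_OF_LEAF_CERTIFICATE"

// Weak pattern: the app takes over the trust decision and accepts any certificate,
// so an interceptor's certificate is trusted as readily as the real server's.
final class AcceptAnythingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping ChallengeHandler) {
        if let trust = challenge.protectionSpace.serverTrust {
            completionHandler(.useCredential, URLCredential(trust: trust)) // no evaluation at all
        } else {
            completionHandler(.performDefaultHandling, nil)
        }
    }
}

// Hardened pattern: the same hook used for certificate pinning. The system's chain
// and hostname evaluation must pass, and the leaf must also match the pin.
final class PinningDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping ChallengeHandler) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first else {
            completionHandler(.cancelAuthenticationChallenge, nil) // fail closed
            return
        }
        let der = SecCertificateCopyData(leaf) as Data
        let digest = Data(SHA256.hash(data: der)).base64EncodedString()
        if digest == pinnedLeafSHA256 {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

Both classes implement the same delegate callback, which is why the platform cannot simply disable it. For an in-house PKI, the hardened form would add the enterprise root with `SecTrustSetAnchorCertificates` before evaluation rather than skipping evaluation.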

Apps in the vulnerable list included a number of popular downloads like third-party Snapchat apps, the official app for Vice News, and banking apps for banks based in Puerto Rico and Libya.

Strafach sorted the 76 apps into low, medium, and high risk categories, and says he is reaching out to developers to fix the problems before disclosing the most high-risk apps in the list. According to Strafach, the vulnerable app versions have been downloaded from the App Store more than 18,000,000 times.

Until the issues are dealt with, Strafach advises users of the apps to avoid accessing them over Wi-Fi, as it's harder to exploit the vulnerabilities over a cellular network.

Top Rated Comments

Kabeyun
115 months ago
For the tl;dr crowd, the medium and high security risk app list won't be published for 60-90 days to give the devs time to mitigate the exploit. Bookmark the page and check back then!
This shows us, again, that Apple's scrutiny is far from perfect. In the meantime use VPN.
Not really, or at least this is a misleading statement. Obscure networking attacks are hardly particular to Apple devices. That's what bug bounties and security updates are for in all OS's. But if you prefer the wild west of the uncurated Google play store, go right ahead. But I agree with using a VPN service. Anyone who's fool enough to conduct financial transactions on an open WiFi network...
Score: 7 Votes (Like | Disagree)
Kabeyun
115 months ago
There is nothing wrong or misleading about the fact that Apple missed it, and since security is important to all of us... that is why Apple should have caught the problem long before security researchers do (did in this specific case).
Respectfully disagree. The headline, "15,000 Ford cars involved in accidents this year" implies that there's something about Fords that's a particular problem. It may be true that app clearinghouses like Apple's App Store should scrutinize every line of submitted code, but it's misleading to suggest that this is a particularly Apple problem.
Score: 2 Votes (Like | Disagree)
nwcs
115 months ago
Very much expected. Security is a moving target for both developers and consumers. What may be totally secure today could be insecure tomorrow. As for TLS, only TLS 1.2 is currently secure so it's using the right version at the right time. You also have to stay on top of third party libraries and think like an attacker. Troy Hunt shows how easy it is to break the security of a lot of apps. The problem is people don't think like an attacker and so miss critical areas.
Score: 1 Votes (Like | Disagree)
I7guy
115 months ago
Maybe Apple's screeners shoulda woulda coulda, but it's completely fair for Apple to advertise iOS as safest and macOS as most secure vs major competitors. No guarantees ever, they don't claim it, and people don't expect a guarantee.

This problem exists in an order of magnitude greater numbers (https://www.fireeye.com/blog/threat-research/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html) in Google Play. Your position seems to be that Apple has no right to market its more secure App Store as more secure unless it can guarantee zero exploits. Sure, bad stuff can get through, but if your main concern is the safety of offerings, you'll pick the App Store over Google Play every time. Inversely, Google isn't absolved of dealing with appsec just because they don't advertise it as an asset.
I'm not sure why apple can't advertise ios as safe, given the millions of apps in the app store, some small percentage have vulnerability issue. Absolute security is not a destination it's a process. In the same way a 5 star auto rating by NHTSA does not mean no deaths in accidents for that vehicle.

On another note, I'm going to start using LTE more instead of wifi.
Score: 1 Votes (Like | Disagree)
Kabeyun
115 months ago
I'm not sure why apple can't advertise ios as safe, given the millions of apps in the app store, some small percentage have vulnerability issue. Absolute security is not a destination it's a process. In the same way a 5 star auto rating by NHTSA does not mean no deaths in accidents for that vehicle.

On another note, I'm going to start using LTE more instead of wifi.
I knew there was a better car analogy somewhere!

Cellular is better, at least compared to open WiFi, but get a respected VPN service if you take security seriously.
Score: 1 Votes (Like | Disagree)
Bokito
115 months ago
This is pretty insane. Banking apps without (proper) TLS connection? You've gotta be ******** me.

In the western world banks (or other companies using sensitive data) would immediately be penalized for not securing their users' data (and would likely lose a whole lot of customers).
Score: 1 Votes (Like | Disagree)
