The news is that Apple has 'finally' fixed a security flaw in its application store that for years allowed attackers to steal passwords and install unwanted or extremely expensive applications.
The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device connected to the App Store, meaning an attacker could hijack the connection. In addition to the security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device was disclosed over Wi-Fi, says Declan McCullagh at C|net.
Security researcher Elie Bursztein discovered the vulnerability and reported it to Apple last July. Apple fixed the problem in a recent update that said "content is now served over HTTPS by default." Apple also thanked Bernhard Brehm of Recurity Labs and Rahul Iyer of Bejoi.
Bursztein's blog post comes a day after Apple's marketing chief, Phil Schiller, took a security-related swipe at Google on Twitter by pointing to a report on the rise of Android malware.
Read more about it at: C|net