A bug in an older version of AFNetworking, an open source library widely used for adding networking capabilities to iOS and OS X apps, can allow attackers to intercept and decrypt HTTPS traffic between apps and servers, effectively revealing all the sensitive information exchanged, such as passwords, bank account information, and so on.
Your browser may no longer be vulnerable to FREAK attacks, but what about the mobile apps you use? According to FireEye researchers, who have tested the most popular apps both for Android and for iOS, a considerable number of them are left open to a FREAK attack, as they contain vulnerable versions of the OpenSSL and SecureTransport libraries.
Apple has released security updates for OS X and iOS which, among other things, fix the FREAK flaw that may allow an attacker to decrypt secure communications between vulnerable clients and servers.
Open Whisper Systems has released a new version of Signal, its free, open source iOS app for end-to-end encrypted voice calls.
A clever phishing scheme has been spotted targeting users who have had their iPad or iPhone stolen, leading researchers to believe that it has been set up by a criminal group that offers thieves the service of finding out the information necessary to unlock the stolen devices.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.