

Apple’s security vulnerability and Level’s first response - jakefuentes
http://blog.levelmoney.com/post/77928818018/apples-security-vulnerability-and-levels-first

======
cheald
This seems reasonable (and is certainly much better than doing nothing), but
it seems like you could have an even more comprehensive solution by just
replacing usage of the system SSL/TLS with usage of SSL/TLS against a copy of
OpenSSL shipped with the app, no?

I haven't done any iOS dev, so perhaps this isn't feasible, but that puts
responsibility for and control of the security of your app entirely in your
own hands; is there a reason that it wouldn't be desirable to go that route?

