

Finding Every Vulnerable App in the App Store - NateLawson
http://sourcedna.com/blog/20150420/afnetworking-vulnerability.html

======
NateLawson
Recently, the popular iOS open-source library AFNetworking had a critical flaw
in its SSL implementation. A coffee shop attacker using the same WiFi network
as you could intercept and intrude on any vulnerable app's traffic using a
standard web proxy.

At SourceDNA, we've been scanning apps from the app stores, identifying the
libraries they're using and tools they were built with. It's really cool to
have a searchable database of millions of apps at your fingertips, along with
in-depth code analyses like their callgraphs. This made it easy for us to look
up which apps were using AFNetworking and, in particular, the vulnerable
version of AFNetworking (2.5.1).

We have released a new service, Searchlight, which allows developers to look
up their apps to see if they're vulnerable to this flaw. You can also enter
your email address and we'll continue to monitor your apps and send you future
vulnerabilities SourceDNA finds. (Yes, we've already got more flaws in the
queue to tell you about!)

[http://searchlight.sourcedna.com](http://searchlight.sourcedna.com)

I'm happy to answer questions here about how this works or what we can do.
Thanks.

