It's been revealed that Apple recently made a change to the App Store that, while it may not seem like a big deal, actually patches a large hole that was present in its storefront. Security researcher Elie Bursztein revealed today that Apple recently began serving up App Store content using an encrypted HTTPS connection, which patches a vulnerability that Bursztein originally reported to the Cupertino firm in July 2012. As a result of the patch, Bursztein has published a blog entry describing the vulnerability and explaining what a malicious user could do with it.
Bursztein, who works as a security researcher at Google, explains that since the App Store used to serve up data over an unencrypted HTTP connection, a malicious user connected to the same public network as an unsuspecting user could carry out attacks against him or her. The malicious user could take advantage of the insecure connection to carry out a number of different attacks: steal a password, force someone to purchase an app by swapping the app that the buyer actually intended to get with a different one or by showing fake app updates, prevent a person from installing an app by making it disappear from the App Store, or force the App Store to show the entire list of apps installed on a device.
When asked about the issue, Apple declined to comment on the matter, so it's not clear exactly why it took the company several months to get it fixed up. The good news is that the situation has been addressed, though, and thankfully Bursztein reported the problem to Apple after discovering it and waited to make the hole public until it was patched. If he hadn't held off on posting the information, malicious users might have actually taken advantage of the security hole and caused quite a headache for Apple. Bursztein has posted some videos that show the App Store holes in action. More details on the attacks themselves can be found at Bursztein's blog.
Via CNET, Elie Bursztein, Apple