PayPal app has huge security flaw, update rushed to Apple
You'd think by now we'd all be wary of open WiFi networks, and luckily that's the only way this could affect you, but if you use the PayPal app on an open network the Wall Street Journal is reporting a hacker could potentially nab your user account.
According to the story, the app doesn't verify your security certificate (which is kind of the point of the certificate, no?) and goes along its merry way, transmitting your data to PayPal in a way that a fortuitous ne'er do well could intercept. Still, as the WSJ points out, a hacker would have to be poised and ready to take advantage of this exploit. I doubt you're sitting around in that app for hours while sipping your latte at Starbucks, right?
The app in the store shows the last update was October 26, but the WSJ reports a fixed version has been sent to Apple. We've reached out to PayPal to see if the updated app is available yet, but haven't heard back. For now, if you must use this app in public, turn off WiFi to avoid the exploit. This issue does not affect users of the PayPal Android app or visitors to the website.
Update: Looks like version 3.0.1 arrived shortly after we posted this. PayPal away in relative security, everyone!
Deals of the Daymore deals
Software Updatesmore updates
- Microsoft Office for Mac 2011 Update 14.3.4
- Pixelmator 2.2 available with over 100 new features and improvements
- DabKick for iPhone lets you share photos, watch videos and now listen to music in real-time
- Google Now added to search app on iPhone, iPad
- GateGuru for iPhone has been updated and greatly improved
- Twitter updates its OS X client