PayPal app has huge security flaw, update rushed to Apple
You'd think by now we'd all be wary of open WiFi networks, and luckily that's the only way this could affect you, but if you use the PayPal app on an open network the Wall Street Journal is reporting a hacker could potentially nab your user account.
According to the story, the app doesn't verify your security certificate (which is kind of the point of the certificate, no?) and goes along its merry way, transmitting your data to PayPal in a way that a fortuitous ne'er do well could intercept. Still, as the WSJ points out, a hacker would have to be poised and ready to take advantage of this exploit. I doubt you're sitting around in that app for hours while sipping your latte at Starbucks, right?
The app in the store shows the last update was October 26, but the WSJ reports a fixed version has been sent to Apple. We've reached out to PayPal to see if the updated app is available yet, but haven't heard back. For now, if you must use this app in public, turn off WiFi to avoid the exploit. This issue does not affect users of the PayPal Android app or visitors to the website.
Update: Looks like version 3.0.1 arrived shortly after we posted this. PayPal away in relative security, everyone!
Subscribe to Newsletter
Software Updatesmore updates
- Yahoo Mail improves email inbox searching with new filtering options
- Ember for Mac gains 'hugely-requested' screen recording feature
- Spotify update adds equalizer, refreshed Artist page and more
- Fantastical 2.1 for iOS adds new snooze, search and notification features
- ExpanDrive 4, more services and faster sync
- Apple adds iTunes Extras to Apple TV