PayPal app has huge security flaw, update rushed to Apple
You'd think by now we'd all be wary of open WiFi networks, and luckily that's the only way this could affect you, but if you use the PayPal app on an open network the Wall Street Journal is reporting a hacker could potentially nab your user account.
According to the story, the app doesn't verify your security certificate (which is kind of the point of the certificate, no?) and goes along its merry way, transmitting your data to PayPal in a way that a fortuitous ne'er do well could intercept. Still, as the WSJ points out, a hacker would have to be poised and ready to take advantage of this exploit. I doubt you're sitting around in that app for hours while sipping your latte at Starbucks, right?
The app in the store shows the last update was October 26, but the WSJ reports a fixed version has been sent to Apple. We've reached out to PayPal to see if the updated app is available yet, but haven't heard back. For now, if you must use this app in public, turn off WiFi to avoid the exploit. This issue does not affect users of the PayPal Android app or visitors to the website.
Update: Looks like version 3.0.1 arrived shortly after we posted this. PayPal away in relative security, everyone!
Software Updatesmore updates
- Apple Remote Desktop updated with Yosemite support
- OS X Yosemite 10.10.2, iOS 8.1.3 updates now available
- Sports Illustrated 120 SPORTS channel comes to Apple TV
- Logic Pro X update brings AirDrop support, new effects, tools, and more
- Parallels Access 2.5 released, adds file manager, computer-to-computer remote access
- The Google Translate iOS app is about to get a lot smarter