PayPal app has huge security flaw, update rushed to Apple
You'd think by now we'd all be wary of open WiFi networks, and luckily that's the only way this could affect you, but if you use the PayPal app on an open network the Wall Street Journal is reporting a hacker could potentially nab your user account.
According to the story, the app doesn't verify your security certificate (which is kind of the point of the certificate, no?) and goes along its merry way, transmitting your data to PayPal in a way that a fortuitous ne'er do well could intercept. Still, as the WSJ points out, a hacker would have to be poised and ready to take advantage of this exploit. I doubt you're sitting around in that app for hours while sipping your latte at Starbucks, right?
The app in the store shows the last update was October 26, but the WSJ reports a fixed version has been sent to Apple. We've reached out to PayPal to see if the updated app is available yet, but haven't heard back. For now, if you must use this app in public, turn off WiFi to avoid the exploit. This issue does not affect users of the PayPal Android app or visitors to the website.
Update: Looks like version 3.0.1 arrived shortly after we posted this. PayPal away in relative security, everyone!
Subscribe to Newsletter
Software Updatesmore updates
- IFTTT adds a location channel to its iOS App
- Plants vs. Zombies 2 gets upgraded map, more 'cool' stuff
- Remote Desktop update brings OS X Mavericks support and improved multi-display support
- Valve revamps Steam Mobile for iOS
- Google Drive iOS app finally lets you sort items and find and replace in documents
- Viber announces Viber Out calls for iOS, goes head to head with Skype