Next Tuesday, at the RSA Europe 2013 Conference in Amsterdam, we are going to uncover a new coding pitfall affecting iOS apps. We call it HTTP Request Hijacking (HRH), and it may allow hackers to alter the behavior and content of such applications.
Unlike most vulnerabilities, where a responsible disclosure could be made to the vendor in charge of the vulnerable app, HTTP Request Hijacking affects a staggering number of iOS applications, rendering the attempt to alert vendors in a non-public fashion virtually impossible.
During the session, Yair Amit and Adi Sharabani will demonstrate the vulnerability and provide clear remediation instructions, so that vendors can respond quickly and easily patch their applications against this kind of attack.
Since we want as many applications as possible patched before real exploits begin appearing in the wild, this post is intended to alert as many iOS developers as possible to the discussion and presentation on Tuesday.
Detailed technical information for remediating the issue will be released on Tuesday, October 29th, at 8AM EST, both on this blog and during the RSA presentation.