Your one-stop web resource providing safety and security information to manufacturers

Tumblr released a “very important” security update for the iPhone and iPad apps to address a vulnerability attackers could exploit to compromise passwords.

Tumblr, owned by Yahoo, said those who have been using these apps should change their passwords on Tumblr and on other services where they utilize the same passphrase.

Code Injection Holes in iOS Apps
Apple updates Safari, Java
New Apple Security Hole
Apple Fixes iOS Bugs

Tumblr has not the details of the vulnerability public, but the company said the passwords could have been “sniffed in transit on certain versions of the app.”

The iOS apps failed to log in users through a secure connection, thus allowing cybercriminals to intercept plain text passwords by sniffing the network traffic, security researchers said.

Schneider Bold

Such vulnerabilities can be dangerous since quite a few users connect to their social media accounts via unsecure public Wi-Fi networks.

Pin It on Pinterest

Share This