A security hole discovered in the Paypal app for the iPhone/iPod touch has quickly been filled. Late last night, the eBay Inc. unit discovered a flaw that could have allowed a hacker to intercept users’ passwords. By this morning, an update was made available in the App Store.
According to The Wall Street Journal:
The PayPal hole results from the app’s failure to verify the digital certificate for the payment service’s website. Such certificates function as electronic ID cards that let a user’s device know a website is legitimate.
Without that confirmation, a hacker could electronically step between a user and PayPal, pretend to be the PayPal website and gather usernames and passwords. The hacker would need to be in the same physical location as the user or have gained access to the same Wi-Fi network.
Users are encouraged to download the free Paypal app update before using it again.