You are using an outdated browser. Please upgrade your browser to improve your experience.
Report: CNN App for iPhone has a security flaw that exposes login info

Report: CNN App for iPhone has a security flaw that exposes login info

July 23, 2014
Updated: A new app update has corrected this problem. Original post: If you’re a CNN iReporter, we’ve got some important news for you. Zscaler Research has announced that the current version of the CNN App for iPhone includes a dangerous security flaw. At issue is how passwords are handled for iReporter accounts. These are sent in clear text and are unencrypted.

They note:

While this is always a problem, it's especially concerning that this relates to functionality which permits people to anonymously submit news stories to CNN. This occurs both when a user first creates their iReport account and during any subsequent logins.

CNN for iPhone 2.3 was released on the App Store on July 11.


Zscaler concludes:

End users must rely on both the app developers and app store gatekeepers to prevent such flaws from being exposed in the first place. This vulnerability could easily have been caught by Apple during the vetting process that they subject new applications to before including them in the app store, but our research has shown us that Apple and Google simply aren’t looking for these basic security vulnerabilities.

For the time being, AppAdvice suggests that iReporters hold off using the CNN App for iPhone until a fix is released. Given the Zscaler Research report that fix should be released sooner rather than later.

Mentioned apps

CNN App for iPhone
CNN App for iPhone
CNN Interactive Group, Inc.

Related articles