1,500 iOS apps are vulnerable to an HTTPS-crippling bug

April 23rd, 2015, 20:25
Source: http://www.engadget.com/2015/04/21/1-500-ios-apps-are-vulnerable-to-an-https-crippling-bug/
According to analytics service SourceDNA, nearly 1,500 iPhone and iPad apps currently available in the App Store include a bug that breaks HTTPS (http://www.engadget.com/2015/02/24/what-you-need-to-know-about-http-2/). This could leave users' sensitive personal information exposed to hackers. Analysts have identified an out-of-date version of open-source code library AFNetworking as the source of the vulnerability. The library itself has already been patched; however, many apps are still using the older, insecure version. "We tested the app on a real device and, unexpectedly, we found that all the SSL traffic (http://www.engadget.com/2015/03/04/freak-flaw-ios-android-ssl-bug/) could be regularly intercepted through a proxy like Burp without any intervention," researchers Simone Bovi and Mauro Gentile wrote (http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html) in March (http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html).
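The practical takeaway for anyone shipping an app on AFNetworking is to update past the affected release and to configure certificate validation explicitly rather than relying on the library's defaults. The block below is an added example written for this post; it is not code from the Engadget article, from the MindedSecurity write-up, or from the AFNetworking project. It assumes AFNetworking 2.5.3 or later (my understanding of the first release carrying the fixed AFSecurityPolicy; treat the exact version as an assumption), a DER-encoded copy of the API server's certificate bundled as "api-server.cer" (hypothetical file name), and a hypothetical host api.example.com.

```objectivec
// Added example, not from the article or from AFNetworking itself.
// Assumes AFNetworking 2.5.3+ (an assumption about the fixed release),
// a bundled DER certificate "api-server.cer" (hypothetical) and a
// hypothetical host. Public-key pinning means an intercepting proxy such
// as Burp, which re-signs traffic with its own CA, presents a different
// key and the request fails instead of being silently intercepted.
#import <Foundation/Foundation.h>
#import "AFNetworking.h"

// Build a policy that pins the server's public key and leaves no
// permissive defaults in place.
static AFSecurityPolicy *HardenedSecurityPolicy(void) {
    // Load the pinned certificate shipped in the app bundle (assumed name).
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"api-server"
                                                         ofType:@"cer"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    NSCAssert(certData != nil, @"pinned certificate missing from bundle");

    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModePublicKey];
    policy.pinnedCertificates = @[ certData ];   // NSArray in the 2.x API
    policy.allowInvalidCertificates = NO;        // reject untrusted chains
    policy.validatesDomainName = YES;            // CN/SAN must match the host
    return policy;
}

// Session manager whose every request is subject to the hardened policy.
static AFHTTPSessionManager *HardenedSessionManager(void) {
    NSURL *baseURL = [NSURL URLWithString:@"https://api.example.com/"]; // hypothetical
    AFHTTPSessionManager *manager =
        [[AFHTTPSessionManager alloc] initWithBaseURL:baseURL];
    manager.securityPolicy = HardenedSecurityPolicy();
    return manager;
}

// Example request: on a public-key mismatch the failure block runs with an
// NSError instead of the response being delivered over an intercepted link.
void FetchProfile(void) {
    [HardenedSessionManager() GET:@"v1/profile"
                       parameters:nil
                          success:^(NSURLSessionDataTask *task, id responseObject) {
                              NSLog(@"pinned TLS ok: %@", responseObject);
                          }
                          failure:^(NSURLSessionDataTask *task, NSError *error) {
                              NSLog(@"request failed (pin mismatch or network): %@", error);
                          }];
}
```

To verify the fix the same way the researchers found the bug, route a real device through an intercepting proxy with the proxy's CA installed on the device: the GET above must fail in the failure block. If the response still arrives through the proxy, the app is either linking the old library or overriding the policy somewhere else.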
