If you’re so much an Apple fan that you run Apple Music on Android devices, there’s an upgrade to patch against a man-in-the-middle vulnerability.
Eight months ago, Canadian security researcher David Coomber discovered that Apple Music for Android 1.2.1 and older doesn’t validate the SSL certificates presented when logging into the mobile application and payment servers.
As he writes at Bugtraq, that would allow an attacker to silently collect sensitive user information.
ORIGINAL SOURCE: The Register
The post Apple Finally Teaches Android Music App to Validate Certificates appeared first on IT SECURITY GURU.