Developer Elie Bursztein has noted that Apple last week enabled HTTPS — a form of secure connection — for the App Store, and has thus fixed various security issues that could have resulted in malicious hackers stealing passwords and other information from unsuspecting consumers browsing the App Store.
Those issues were apparently reported as early as July of last year, so the fix comes quite a bit later than many would have hoped. Regardless, there haven’t been any reports of passwords being stolen through this hole, so it would appear that no substantial damage has been done.
Bursztein has more information about the potential security risks, as well as the technical details behind such an attack. The blog post is certainly more for the technically minded people out there, and includes various code snippets. Bursztein concludes with the following advice to everyone:
I decided to render those attacks public, in the hope that it will lead more developers (in particular mobile ones) to enable HTTPS. Enabling HTTPS and ensuring certificates validity is the most important thing you can do to secure your app communication. Please don’t let your users down and do the right thing: use HTTPS!