PayPal Races To Fix IPhone App Security Flaw
Internet-payment provider PayPal said its iPhone application contained a security flaw that could allow a hacker to access users’ accounts and has rushed out an update to correct the problem.
The hole stems from the app’s failure to confirm the authenticity of PayPal’s website when communicating over the Internet–a basic lapse that the security researcher who found the flaw said would allow someone to intercept passwords from unsuspecting users.
PayPal spokeswoman Amanda Pires said the eBay Inc. unit verified the vulnerability Tuesday night and has fixed the problem after being notified by The Wall Street Journal. PayPal sent the fixed version of the app to Apple Inc.’s App Store. “To my knowledge it has not affected anybody,” Ms. Pires said. “We’ve never had an issue with our app until now.”
A hacker would need skill and luck to make use of the vulnerability, which only affects users of the iPhone app connecting over unsecured Wi-Fi networks. It doesn’t affect the company’s Android app or users of the PayPal.com website.