PayPal rushes to fix a critical security flaw in its latest iPhone app

PayPal has uncovered a critical security flaw in the latest version of its iPhone application, which it released last week. The flaw allows a hacker to access users' accounts and their account passwords. It stems from the fact that the app doesn't check the authenticity of the digital certificate for PayPal's website while communicating with it. For someone to be able to access your data, you'd have to be using the app on an unsecured Wi-Fi network, and they would pretty much have to have embarked on a fishing expedition across that hotspot, but it can be done. Someone with malicious intent could then pose as PayPal, and the app wouldn't know the difference.

PayPal discovered the issue late last night and has already sent a patched version of its app to Apple for approval. It should become available in the iTunes App Store shortly. A PayPal spokeswoman said that the flaw doesn't seem to have affected anyone (yet?).

