Hot on HuffPost Tech:

See More Stories
Engadget for the iPhone: download the app now
AOL Tech

PayPal rushes to fix a critical security flaw in its latest iPhone app

PayPal for iPhone screenshotPayPal has uncovered a critical security flaw in the latest version of its iPhone application, that it released last week. This flaw allows a hacker to access users' accounts, and their account passwords -- and stems from the fact that the app doesn't check the authenticity of the digital certificate for PayPal's website while communicating with it. For someone to be able to access your data, you'd have to be using the app on an unsecured Wi-Fi network and they would have to pretty much have embarked on a fishing expedition across that hotspot, but it can be done. Someone with malicious intent may then pose as PayPal and the app wouldn't know the difference.

PayPal discovered the issue late last night and has already sent a patched version of its app to Apple for approval. It should become available in the iTunes App Store shortly. A PayPal spokeswoman said that the flaw doesn't seem to have affected anyone (yet?).

[via WSJ]

Tags: iphone app, iPhone Application, iPhone Applications, iPhone Apps, IphoneApp, IphoneApplication, IphoneApplications, IphoneApps, mobile, mobile app, mobile apps, MobileApp, MobileApps, paypal, paypal mobile, PaypalMobile