If you’re so much an Apple fan that you run Apple Music on Android devices, there’s an upgrade to patch against a man-in-the-middle vulnerability.
Eight months ago, Canadian security researcher David Coomber discovered that Apple Music for Android 1.2.1 and older doesn’t validate the SSL certificates presented when logging into the mobile application and payment servers.
As he writes at Bugtraq, that would allow an attacker to silently collect sensitive user information.
View full story
ORIGINAL SOURCE: The Register