Mobile app SDKs sport dodgy crypto defaults, set bad examples – updates available
It has been revealed that Adobe's Experience Platform mobile SDKs, used to create apps that interact with the company's cloud services, until recently contained sample configuration files that created insecure default settings.
Developers creating apps that utilize those files as templates or examples could find that their apps have been sending data over the network without SSL protection, making it vulnerable to interception and alteration.
On Wednesday, security biz Nightwatch Cybersecurity disclosed the flaws, with Adobe's blessing, after the Photoshop-slinger published updated SDKs that fix the issue. Nightwatch initially reported the vulnerability to Adobe in March.
The problems arise from a configuration file for the SDKs called ADBMobileConfig.json that gets packaged with the mobile application.
Support the originator by clicking the read the rest link below.
