Users who do not use iOS’ automatic updates feature should install the latest updates for Experian - Free Credit Report and myFICO Mobile. According to 9to5Mac, a security weakness identified by Verify.ly could have allowed attackers to obtain user login information from older versions of the apps. The security holes were fixed after the companies were made aware of the vulnerabilities.
Experian - Free Credit Report and myFICO Mobile are both financial applications that give users access to their credit reports and related information. Will Strafach, founder of Verify.ly, told 9to5Mac a month ago that Verify.ly had discovered weaknesses in Experian's and myFICO’s applications, which had not been using proper authentication methods when connecting to their services. This had allowed attackers to intercept user login credentials.
Both Experian - Free Credit Report and myFICO Mobile have been updated to fix the weaknesses. The problem was that both applications were using incomplete TLS implementations. TLS is a security protocol that encrypts data in transit when communicating over the internet.
Normally, the TLS implementation ensures that the user’s login credentials and data are encrypted and sent securely over the internet, so an attacker cannot intercept them. That protection depends on validating the certificates presented during the connection, but Experian's and myFICO’s applications were not confirming the validity of the certificates. This could have allowed an attacker to obtain users' credentials when the device was connected to a malicious network.
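To make the missing check concrete, here is an added example (not code from either app or from Verify.ly) of one common way an iOS client ends up skipping certificate validation, next to a corrected version. The class names are hypothetical, and the assumption that the apps used a `URLSession` delegate is ours; the article does not say how the validation was skipped.

```swift
import Foundation
import Security

// WEAK: accepts whatever certificate the server presents. The traffic is still
// encrypted, but the app never checks who is on the other end of the connection.
final class AcceptAnyCertificate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        if let trust = challenge.protectionSpace.serverTrust {
            completionHandler(.useCredential, URLCredential(trust: trust)) // no evaluation
        } else {
            completionHandler(.performDefaultHandling, nil)
        }
    }
}

// CORRECTED: evaluate the certificate chain and hostname, and fail closed.
// SecTrustEvaluateWithError is available on iOS 12 and later.
final class ValidateCertificate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Require a valid TLS server certificate issued for the host being contacted.
        let policy = SecPolicyCreateSSL(true, space.host as CFString)
        guard SecTrustSetPolicies(trust, policy) == errSecSuccess else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil) // reject the connection
        }
    }
}

// The session sends credentials only after the certificate has been validated.
let session = URLSession(configuration: .ephemeral, delegate: ValidateCertificate(), delegateQueue: nil)
```

An app that does not implement this delegate method at all gets the system's default handling, which already validates the server certificate.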
9to5Mac recommends changing your account passwords, including those for any other accounts with the same user credentials, and considering a password manager, such as LastPass or 1Password, which increases the level of security.