While updating my iPhone apps earlier today, I noticed an update for the PayPal iPhone app – version 3.0.1. When I read the changelog or update details, it mentioned that the version included an important security update. It didn’t specify what type of security update so I decided to do a little research. Found out from CNET that the update was a patch for a security hole in the iPhone app.
The now patched security flaw could have allowed malicious users to do a “man-in-the-middle” attack, tricking users into thinking that they’re accessing the real PayPal site when actually they aren’t and intercept transaction data sent between the iPhone and a Wi-Fi hotspot. This can happen when PayPal users access their account using an unsecured Wi-Fi network.
Aside from patching the security flaw on the iPhone app, PayPal has also announced that it will provide a 100% reimbursement for any fraudulent activity caused by the flaw.
If you have the PayPal app on your iPhone, make sure that you immediately upgrade to the latest version. If you haven’t, do not access your account until you’ve installed the update. And just to be sure, avoid or never access your PayPal or bank account on your mobile device over an unsecured Wi-Fi network.
The latest version of the Paypal iPhone app is now available in the App Store.
[via CNET News]