Skip to content

Instantly share code, notes, and snippets.

View fkuehne's full-sized avatar

Felix Paul Kühne fkuehne

View GitHub Profile
@AlamofireSoftwareFoundation
AlamofireSoftwareFoundation / alamofire-04-27-2015-statement.md
Last active January 10, 2020 06:25
A response to recent concerns about security vulnerabilities in AFNetworking

Last week, a number of publications ran a story about 1,000's of apps allegedly being vulnerable due to an SSL bug in AFNetworking. These articles contain a number of inaccurate and misleading statements on this matter.

We are publishing this response to clarify and correct these statements.

Background Information

For those not familiar with AFNetworking, here are some relevant details about the library for this story:

  • AFNetworking is an open source, third-party library that provides convenience functionality on top of Apple's built-in frameworks.
  • One component of AFNetworking is AFSecurityPolicy, which handles authentication challenges according to a policy configured by the application. This includes the evaluation of X.509 certificates which servers send back when connecting over HTTPS.