Tumblr, the popular microblogging and social networking portal, has released an emergency patch for its iOS application. The patch will address "an issue that allowed passwords to be compromised in certain circumstance." For precaution, the company also advised users to change their passwords.
The Register reported on this security issue when one of their sources discovered this security flaw of the Tumblr iOS application during a security audit. The person was in charge of screening iOS applications that are safe for use on their corporate smartphones. He inadvertently discovered Tumblr's iOS application "failed to log users in through a secure (SSL) server...."
As a result, the user's Tumblr authentication information, which is sent in plain text, can be easily tapped from any unsecured Wi-Fi network he is connected to. Granted, the hacker needs to be on the same wireless network as the user, and at the same time, utilize a data packet analysis software to extract the user's information. The person who discovered this security flaw only approached The Register after he claimed that Tumblr failed to respond to his warning.
However, the company has already issued an emergency patch to address this security issue, and for added precaution, Tumblr has advised all users of its iOS application to change their passwords. For more information on this patch, please head over to Tumblr's official blog here.