MUST READ

SAP September 2025 Patch Day fixed 4 critical flaws

 | 

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

 | 

LunaLock Ransomware threatens victims by feeding stolen data to AI models

 | 

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

 | 

Canadian investment platform Wealthsimple disclosed a data breach

 | 

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

 | 

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61

 | 

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qantas cuts executive bonuses by 15% after a July data breach

 | 

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

 | 

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Mobile apps security study conducted by HP Fortify

Pierluigi Paganini November 25, 2013

A study conducted by company’s enterprise security arm HP Fortify revealed that the majority of  mobile apps based on iOS is vulnerable.

The company’s enterprise security arm HP Fortify conducted a series of tests on mobile apps that produced concerning results, almost every app is vulnerable.

Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify HP confirmed that around 71% of the vulnerabilities were related to the server end of the mobile apps.

Most of the flaws found are common problems like SQL injection and cross-site scripting exactly as most popular web application vulnerabilities.

The study revealed that nearly 90% have at least one security flaw, the research evaluated 2,107 applications designed by 601 companies on the Forbes Global 2000 based on iOS.

The security specialists grouped the security vulnerabilities in four categories:

  • 86% of mobile apps lacked of sufficient security measures to protect private data (e.g. Address books, User data).
  • 86% of mobile apps tested lacked binary hardening protection, these apps have resulted vulnerable to certain attacks, including buffer overflows, jailbreak detection and path disclosure.
  • 75% of mobile apps did implement data encryption for storage operations, the application stored in clear text also personal data like passwords, personal documents and chat logs.
  • 18% of mobile apps transmitted data over the network without using SSL encryption, but what is also concerning is that another 18% of apps used SSL incorrectly. In both cases resulted that private data was transmitted in the clear or anyway accessible by an attacker that share same network connection, the typical scenario of open Wifi present in public places.

The problem of security for mobile apps is crucial especially for enterprises that have to manage also the promiscuous use of their mobile devices. The vulnerabilities found are easy to fix but there is a dangerous trend to underestimate them with serious consequences.

Mobile Apps Security2

Despite the tests have been conducted only on iOS mobile apps, HP experts say that there is good reason to believe the same flaw exist for Android.

It’s time to increase security by design for mobile apps, there is the need to follow best practices in mobile app development to avoid that the mobile platform will became the hackers’ paradise.

Pierluigi Paganini

(Security Affairs –  Mobile apps, Security)

 

Cross-Site Scripting cyber espionage Hacking HP Fortify mobile mobile apps security SQL injection

you might also like

Pierluigi Paganini September 09, 2025
SAP September 2025 Patch Day fixed 4 critical flaws
Read more
Pierluigi Paganini September 09, 2025
Supply chain attack targets npm, +2 Billion weekly npm downloads exposed
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SAP September 2025 Patch Day fixed 4 critical flaws

Security / September 09, 2025

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

Security / September 09, 2025

LunaLock Ransomware threatens victims by feeding stolen data to AI models

Malware / September 09, 2025

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

Hacking / September 08, 2025

Canadian investment platform Wealthsimple disclosed a data breach

Data Breach / September 08, 2025