PayPal rushes fix to leaky iPhone app

PayPal rushed out a fix on Wednesday for its iPhone app after learning that it contained a flaw that could be used by hackers to trick PayPal users into divulging their account information.

The authentication vulnerability in PayPal's iPhone app could have allowed someone to conduct what is called a 'man-in-the-middle' attack, PayPal spokesman Anuj Nayar told ZDNet UK's sister site CNET News. In such an attack, people who happen to be accessing their PayPal accounts over an unsecured Wi-Fi network could be tricked into thinking they are on the legitimate PayPal site when they are not.

Only PayPal's iPhone app, which has been downloaded more than 4 million times, is affected; the Android app and the company's website are unaffected, Nayar said. iPhone users will have to download the update from the iPhone app store to secure their phones. "We don't believe any customers have been affected at all, and if there were any affected, they would be 100 percent covered by PayPal," he said.

For more on this story, read PayPal fixes security hole in iPhone app on CNET News.