Apple Clips iOS Application - Insecure Transport
Overview
"Clips is a free app for making fun videos to share with friends and family. With a few taps you can create vertical and horizontal videos with immersive camera effects, artistic filters, dynamic music, animated text,
emoji, stickers, and more."
(https://apps.apple.com/us/app/clips/id1212699939)
Issue
The Apple Clips iOS application (version 3.1.2 and below) sends traffic unencrypted via HTTP.
Impact
An attacker who can sniff network traffic could capture or potentially modify sensitive information without the user's knowledge.
Timeline
December 15, 2021 - Notified Apple via product-security@apple.com
December 15, 2021 - Apple sent an auto acknowledgment
April 1, 2022 - Apple confirmed the vulnerability
October 24, 2022 - Apple released version 3.1.3 which sends network traffic via HTTPS
September 27, 2023 - Published an advisory to document the issue
Solution
Upgrade to version 3.1.3 or later
Questions?
Contact Information