April 7, 2015

Posted in:


Duo Security Announces Vulnerability (and Fix) in Application for iOS Devices

For users of Duo on the Apple iOS devices, it is time to update your app.

On the evening of April 6th, 2015 Duo Security issued a public service announcement (DUO-PSA-2015-002) identifying that their product, prior to version 3.7.1 was vulnerable to a man-in-the-middle (MITM) attack. Thankfully, they have simultaneously announced that the fix was downloadable and available for installation.

A MITM attack is one in which an attacker intercepts the communications between your iOS device and the server / system you are communicating with and piggybacks upon your communication, in essence impersonating a valid user. In doing so, the attacker can gain access to whatever the holder of the iOS device can gain access to.

Duo has identified that the security hole was patched or fixed in version 3.7.1 and is urging users of the iOS devices and Duo to update through the iTunes App Store as soon as possible.

The vulnerability does not exist in other device applications, such as on Androids, Windows laptops or similar devices.

If you have any further questions or need additional details, please contact the Edge Hosting security team at security@edgehosting.com.

Go back