Submitted by Bob Bhatnagar on
Both Facebook and Dropbox raised eyebrows this week when a security flaw was discovered that could reveal iOS users' personal data. The good news is that both companies are working on a patch to correct the security hole. In addition, the threat of your information actually being stolen is low.
The flaw enables access to personal data only if the malicious person going after your data has physical access to your iPhone or iPad. When it comes to Facebook, the issue revolves around use of a plain text file known as a .plist to store sensitive login information. Copying the file to another iOS device enables access to the victim's account using the Facebook app.
The .plist file for these at-risk apps is stored in a location on the iPhone that can easily be accessed by creating a backup of the device using iTunes. The .plist file could then be extracted using computer software such as iExplorer.
In the meantime, encrypting backups in iTunes improves security for sensitive app information stored on your iOS device. And it goes without saying that setting a passcode will greatly reduce the chances of your personal data being compromised should you lose possession of your device.
There are currently no reports of anyone using this method for malicious purposes. Unless your iOS devices has been lost or stolen, there's really nothing to worry about here, although the security fixes in the works are welcome improvements to both apps.