Tumblr updates iOS app, fixes important potential password security issue

Tumblr updates iOS app, fixes potential password security issue

Tumblr for iOS has been updated with an important security fix. According to Tumblr's blog post, there was an issue in the app that allowed for a user's password to be compromised in certain circumstances.

While Tumblr has not yet released the full details of the bug, iMore was able to independently confirm a security issue in version 3.4 of the Tumblr app with logging users in. Specifically, when a user logs in, the request containing their username and password is sent in plaintext over HTTP rather than being sent securely over HTTPS. This means that if a person logs in while on an unsecured wireless network, another person on that network could sniff their traffic and acquire their username and password. All users should update to version 3.4.1 which fixes the bug. Tumblr also encourages all users to change their Tumblr password in case it was compromised.

Tumblr isn't the first app to have a bug like this, but it is notable that they apparently fixed the bug immediately after learning about it.

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at POSSIBLE Mobile. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.

More Posts



← Previously

MacBreak Weekly 359: Hamburger, Buttons and Basements

Next up →

Google Maps SDK for iOS updated, gives developers street view and indoor maps for their app

Reader comments

Tumblr updates iOS app, fixes important potential password security issue