Apple has fixed a security flaw in the App Store that was reported almost a year ago. This flaw was basically accessing the Apple App Store over WiFi without any encryption. That makes the iOS device vulnerable and anyone sniffing for password details could easily steal it. CNET reported that this flaw has been fixed by Apple and now the users can use the iOS device over WiFi network without any worry.
Whenever an Apple iPhone or other iOS device connects to the App Store over Wi-Fi no encryption was used in the process. Clearly, it was an open invitation to the attackers for quietly stealing the App Store login credentials over unsecured WiFi network. Elie Bursztein, a Google Employee, worked on discovering this vulnerability in the App Store and also posted about the same on his personal blog.
Basically, Apple used the regular HTTP connection without any security layer when the iOS device sends connect request to the App Store while using a WiFi connection. Now Apple has fixed that loop hole and all requests of connecting the iOS device to App Store are carried over HTTPS protocol.
The loophole in the App Store was reported last July and Apple took ten months to investigate and fix the issue.