Tumblr, the blogging and content sharing web site issued an urgent warning to those using its mobile application for Apple iPhones and iPads to update their Tumblr application - ASAP - after it was apparently found to be transmitting user names and passwords in the clear.
In a blog post on Tuesday, Derek Gottfrid, the Vice President of Product at the New York City-based firm, said that the company had issued an update to the iOS version of Tumblr's mobile application to fix an issue that allowed Tumblr passwords to be sniffed in transit on certain versions of the iOS Tumblr application for iPhone and iPad.
Gottfrid did not explain the reason for the sudden update. However, a report by the UK publication The Register claims that the rush update came after Tumblr was made aware that the iOS versions of its application was not using SSL (Secure Socket Layer) to manage traffic from the mobile device. That allowed user login information to be viewed "in the clear" on an unprotected wi-fi network.
Continued : https://securityledger.com/2013/07/security-lapse-has-tumblr-asking-iphone-ipad-users-to-update-now/
Related: Tumblr Patches Serious Password Sniffing Bug for iPhone/iPad Users
See Vulnerabilities / Fixes: Tumblr for iOS Password Disclosure Security Issue