Flash Seats has quickly acted to fix a security alert affecting its iOS app that could potentially have put the security of customer data at risk.
TheTicketingBusiness reported last week that the North American digital ticket service’s mobile platform was found to be “failing” to properly validate SSL certificates provided by HTTPS connections in a ‘vulnerability advisory’ issued by the CERT Coordination Center (CERT/CC) at Pittsburgh’s Carnegie Mellon University’s Software Engineering Institute.
However, in a statement released to TheTicketingBusiness, parent company AXS Ticketing said it has now remedied the issue.
“We are aware of this issue and the fix has already been implemented and is now available in the App Store, closing identified vulnerabilities related to MITM access,” said an AXS spokesperson. “We have alerted CERT of the update they are in the process of removing the notice.”
Flash Seats’ more than 200 partners include the NBA’s Cleveland Cavaliers and Utah Jazz, as well as the NFL’s Detroit Lions, several MLS teams and a host of major North American venues.
It offers an “innovative, cutting-edge solution combining digital venue access, a branded marketplace for electronic event access rights, and a retail-class behavioural marketing system for the sports and entertainment industries”.
Last week CERT/CC recommended that users wishing to access the Flash Seats app should avoid using public WiFi and other untrusted networks, and instead consider using the operator’s website.