Tumblr issues 'very important' iOS app update to plug security hole

By AppleInsider Staff

Yahoo-owned Tumblr on Tuesday released a security update for its iPhone and iPad apps to resolve an issue that in some cases would allow user passwords to be compromised.

In a post to its official blog, the update fixes an unspecified bug pertaining to password security, which was discovered in iOS versions of the app on Tuesday, reports TheNextWeb.

Tumblr's statement regarding previous versions of its iOS app:

If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It’s also good practice to use different passwords across different services by using an app like 1Password or LastPass.

Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.

Details on the reported bug are scarce, but Tumblr noted that passwords could be "'Sniffed' in transit on certain versions of the app." It is unclear which versions Tumblr is referring to, but the app was most recently updated about one week ago alongside Yahoo! Mail.

The Tumblr update comes in at 12.7MB as is available now for free from the App Store.