Major iOS vulnerability patched after 6 months

Elie Bursztein, a Google researcher, discovered an iOS App Store vulnerability caused by Apple's improper implementation of HTTPS. The vulnerability allowed anyone to obtain a user's password, force users to download applications, and manipulate application updates. Users could be forced to download an unwanted app and pay for something they didn't want.

The attacker could also block the user from downloading applications from the store. This was possible if the user and the attacker were on the same Wi-Fi network, such as in cafes and airports. It is surprising that Apple, knowing about the vulnerability, took 6 months to patch it, putting users' privacy at risk.