A newly-discovered vulnerability in iOS apps apparently allows hackers to bypass HTTPS security to steal sensitive information, Digital Spy reports.

The problem has been traced back to open source code library AFNetworking's version 2.5.1, which was released in January.

According to analytics firm SourceDNA, the code includes a bug that lets people skip a validation check and access an iOS device on the same Wi-Fi network, then present a fake SSL certificate which allows them to decrypt HTTPS data.

An updated version of the code which fixes the problem was released three weeks ago, but a number of high-profile apps are still using the old insecure code.

Apps which were affected include Uber, Movies by Flixster, Microsoft and Yahoo.

The flaw could raise questions about the long-standing assumption that open-source software is more secure.

If you're worried about your data, there's a tool that allows you to see which apps have been affected.