The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack.