Internet-payment provider PayPal said it has rushed out an update to correct a security flaw in its iPhone application that could allow a hacker to intercept users' passwords.

The hole stems from the app's failure to confirm the authenticity of PayPal's website when communicating over the Internet —a basic lapse that the security researcher who found the flaw said would allow someone to access the accounts of unsuspecting users.

PayPal...