"If there is a bug in one of these components, then all the apps that use the library would have the same bug," he said.
Travel apps are a particularly sensitive target because these apps hold personal data, financial data, loyalty program data, as well as travel itineraries.
"It's really important to understand what they're doing to protect this data," Blaich said.
Vulnerable apps could also become a potential attack vector once employees connect to their company networks.
Unfortunately, there's not much that employees or their companies can do to lock down these apps, other than to make sure that all mobile devices and apps are running the latest, updated versions.
In addition, he said, travel apps should only be downloaded from the official app stores.
"Some of the flaws we discovered would allow an attacker to create a malicious version of the app and have it look the same as the original app," he said.
Bluebox declined to disclose the names of the apps and their particular security problems.
Sign up for Computerworld eNewsletters.