GitHub - oversecured/ovia: Oversecured Vulnerable iOS App
source link: https://github.com/oversecured/ovia
Description
OVIA (Oversecured Vulnerable iOS App) is an iOS app that aggregates all the platform's known and popular security vulnerabilities.
List of vulnerabilities
This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from OVIA will receive detailed examination and analysis on our blog.
- Enabled iTunes file sharing, allowing users to browse and access files from the `Documents` directory, in file `Info.plist`.
- Session theft via `ovia://deeplink/webview?url=...` deeplink.
- Overwriting of arbitrary files via `ovia://deeplink/save?data=...&name=...` deeplink.
- Memory corruption via `ovia://deeplink/save?data=...&name=...&offset=...` deeplink.
- HTML injection via `ovia://deeplink/alert?message=...` deeplink.
- Hardcoded AES encryption key and IV in file `Crypto.swift`.
- Enabled (not disabled) caching in `NetworkCalls.swift` that saved credentials onto the device.
- Insecure ATS configuration allowing insecure connections in file `Info.plist`.
- Dumping the cache file to a public storage in file `MainViewController.swift`.
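The two `Info.plist` items in the list (file sharing and ATS) can be checked mechanically during review. The script below is an added example, not code from OVIA or Oversecured. It assumes those findings map to Apple's `UIFileSharingEnabled` and `NSAppTransportSecurity` keys, which this page does not name, and both sample plists are constructed.

```python
import plistlib

# Constructed sample Info.plist (not OVIA's actual file) with the weak settings.
SAMPLE_WEAK = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>UIFileSharingEnabled</key><true/>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>api.example.test</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# Constructed hardened counterpart: sharing off, no ATS exceptions declared.
SAMPLE_HARDENED = b"""<plist version="1.0"><dict>
  <key>UIFileSharingEnabled</key><false/>
</dict></plist>"""

# ATS switches that relax transport security for the whole app.
ATS_GLOBAL_KEYS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsInWebContent")


def audit_info_plist(raw: bytes) -> list:
    """Return findings for file-sharing and ATS settings in an Info.plist."""
    info = plistlib.loads(raw)  # accepts both XML and binary plists
    findings = []
    if info.get("UIFileSharingEnabled") is True:
        findings.append("UIFileSharingEnabled: Documents directory is browsable")
    ats = info.get("NSAppTransportSecurity")
    if not isinstance(ats, dict):
        return findings  # no ATS dictionary means the secure defaults apply
    for key in ATS_GLOBAL_KEYS:
        if ats.get(key) is True:
            findings.append(f"{key}: ATS relaxed app-wide")
    # Per-domain exceptions can re-enable plain HTTP even when the global flag is off.
    for domain, cfg in (ats.get("NSExceptionDomains") or {}).items():
        if isinstance(cfg, dict) and cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"NSExceptionDomains[{domain}]: plain HTTP allowed")
    return findings


if __name__ == "__main__":
    for name, raw in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_info_plist(raw))
```
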
Licensed under the Simplified BSD License
Copyright (c) 2021, Oversecured Inc