Input Validation / iOS URL Scheme Hijacking
iOS URL Scheme Hijacking is a type of input validation vulnerability which occurs in mobile applications on iOS. It is classified in CWE-601 as “URL Redirection to Untrusted Site ('Open Redirect')”. This vulnerability occurs when an application uses URL schemes to pass data to other applications, and that data is not properly sanitized or validated. This can lead to an attacker being able to inject malicious code into the application, compromising the user’s security. (OWASP, 2019)
The risk of this vulnerability is that an attacker can gain access to a user’s data, or even take control of their device. It can also be used to launch attacks against other applications, or even the underlying OS. Depending on the context, the impact of this vulnerability can range from low to high.
The best solution to this vulnerability is to properly validate and sanitize any data that is passed via URL schemes. This can be done by setting up a whitelist of acceptable URLs, or by checking the URL scheme against a known list of valid URLs. Additionally, applications should not allow any user input to be passed directly to the URL scheme without being validated.
The following code is an example of vulnerable code which can be exploited by an attacker to launch an attack against an application.
    import UIKit

    // Vulnerable: input is opened as a URL without any validation.
    let url = URL(string: "\(input)")
    UIApplication.shared.open(url!)
The code can be exploited when input is not properly validated or sanitized. If an attacker is able to pass a malicious URL to the application, they can launch an attack against the application or the OS.
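A hardened counterpart to the vulnerable snippet above, following the allowlist advice given earlier. This is an added example, not code from the original page; the allowed schemes and hosts, the sample inputs, and the function names validatedURL and openIfAllowed are assumptions made for illustration.

```swift
import Foundation
#if canImport(UIKit)
import UIKit
#endif

// Assumed policy for this example: only HTTPS links to hosts the app owns.
let allowedSchemes: Set<String> = ["https"]
let allowedHosts: Set<String> = ["example.com", "www.example.com"]

/// Returns a URL only if the untrusted string parses and matches the allowlist.
func validatedURL(from input: String) -> URL? {
    let trimmed = input.trimmingCharacters(in: .whitespacesAndNewlines)
    guard let components = URLComponents(string: trimmed),
          let scheme = components.scheme?.lowercased(),
          allowedSchemes.contains(scheme),
          let host = components.host?.lowercased(),
          allowedHosts.contains(host),
          // Reject user:password@host forms that disguise the real host.
          components.user == nil, components.password == nil,
          // Reject non-default ports; the assumed policy does not need them.
          components.port == nil
    else { return nil }
    return components.url
}

#if canImport(UIKit)
/// Replacement for the unvalidated open call: rejected input is never opened
/// and the optional is never force-unwrapped.
@MainActor
func openIfAllowed(_ input: String) {
    guard let url = validatedURL(from: input) else { return }
    UIApplication.shared.open(url, options: [:], completionHandler: nil)
}
#endif

// Constructed sample inputs showing which values pass the check.
let samples = [
    "https://example.com/account",              // allowed
    "tel:+15555550100",                         // scheme not on the allowlist
    "https://example.com@untrusted.test/",      // real host is untrusted.test
    "https://untrusted.test/?next=example.com", // host not on the allowlist
    "not a url",                                // no scheme or host
]
for sample in samples {
    let verdict = validatedURL(from: sample) == nil ? "rejected" : "allowed"
    print("\(sample) -> \(verdict)")
}
```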