Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.IPA symbol table (CWE-200) is a type of IT vulnerability that is associated with the usage of platforms such as iOS and mobile apps. This type of vulnerability allows attackers to gain access to sensitive information by using the symbol table of an iOS application. The symbol table contains information...
Abuse of Mobile Network Connection is a configuration management vulnerability, which can occur in Android, iOS, and Mobile App applications. According to the CWE directory, this vulnerability occurs when the application connects to a mobile network to access services, but the data is not properly protected, allowing an attacker to...
Address Space Layout Randomization (ASLR) is a computer security technique enforced by the operating system that randomizes the memory layout of a program. It is used to prevent malicious code from exploiting known address locations of a program in order to cause the program to crash or execute arbitrary code....
Application checks rooted device is an IT vulnerability that allows attackers to root a mobile device and gain access to the device. This vulnerability is classified as CWE-716: Create a User with Unrestricted Privileges. According to the OWASP Testing Guide, this vulnerability can occur in Android, iOS, and Mobile App...
Application implements anti-debug techniques (CWE-16) is a resiliency vulnerability that occurs when an application implements measures to detect when it is being debugged or reverse-engineered. This vulnerability is often found in mobile apps, specifically on iOS devices where the application can detect when a debugger is attached and can take...
Application signed with an expired certificate is an authentication vulnerability that occurs when an application, such as an app on Android, iOS, or a Mobile App, is signed with an expired certificate, allowing users to execute a malicious application. This vulnerability has been identified in the Common Weakness Enumeration (CWE)...
Automatic Reference Counting (ARC) not enforced is a type of Configuration Management vulnerability (CWE-822) that occurs in mobile applications and iOS. It is an issue where a reference count is not correctly enforced and allows memory to be accessed even when the reference count is 0 or less. This can...
Call to dynamic code loading API is a type of authorization vulnerability that affects Android, iOS and Mobile Apps. This vulnerability allows attackers to bypass authentication measures, such as user accounts, by loading code into the application dynamically. This type of attack is classified as CWE-285 (Improper Authorization) according to...
Cordova Cross-site Scripting (XSS) is a type of vulnerability classified by CWE-79, Cross-site Scripting, which occurs in Android, iOS, and Mobile App platforms. XSS vulnerabilities occur when an application or webpage does not sanitize user input properly, allowing malicious code to be executed as part of the application. This type...
Credentials exposed in logs is a type of Information Leakage vulnerability. This vulnerability occurs when a mobile app, for either iOS or Android, transmits sensitive data such as login credentials in an insecure format, usually in plaintext, over an insecure network. This type of vulnerability is listed in the CWE...
Debug Symbols Present in the Application (CWE-599) is a vulnerability found in iOS and Mobile App software applications. This vulnerability occurs when debug symbols are left in the final application, which can be used by attackers to reverse engineer the application and discover vulnerabilities. As listed in the OWASP Testing...
Dependency Confusion is a type of authorization vulnerability where an attacker can use a form of name confusion to insert malicious code into a system. Dependency Confusion occurs when an application looks for a dependency library with a specific name, and an attacker is able to manipulate the library search...
Facebook SDK debug mode enabled is a configuration management vulnerability (CWE-732) that affects Android, iOS and Mobile App software. This vulnerability occurs when the debug mode of the Facebook SDK is enabled, which allows attackers to bypass security measures, modify data, and take control of the application. Reference to the...
Insecure App Transport Security (ATS) Settings is a vulnerability in the network communication of iOS and Mobile Apps. According to the Common Weakness Enumeration (CWE) directory, this vulnerability is classified as CWE-319. This vulnerability occurs when an application does not properly configure the secure connection between the client and the...
Insecure Filesystem Access is a type of authorization vulnerability that occurs when an application does not restrict access to the filesystem of a device, such as a computer or mobile phone. This type of vulnerability can be exploited by malicious actors to access files stored on the device, including confidential...
Insecure hostname validation check (CWE-295) is a type of input validation vulnerability that occurs when an application or system does not properly validate the hostname of requests from a client. This vulnerability is common in mobile applications (iOS and Android) and can lead to man-in-the-middle attacks. According to the OWASP...
Insecure password storage is a vulnerability of the Identity Management CWE-257 category, which occurs in Android, iOS and Mobile App. It is defined as the lack of encryption and secure storage of user credentials, such as passwords, on client systems. This can allow attackers to gain access to sensitive user...
Insecure whitelist is a common configuration management vulnerability, listed as CWE-759, which occurs when an application or system incorrectly implements a whitelisting process. This vulnerability is common in Android, iOS and Mobile App environments and can be used to bypass authentication and authorization controls. According to the OWASP Testing Guide,...
Insecure whitelist configuration is a type of vulnerability in Configuration Management that allows an attacker to access a system by bypassing a whitelist. This vulnerability is registered in the Common Weakness Enumeration (CWE) directory as CWE-639. It is also described in the OWASP Testing Guide. This vulnerability affects Android, iOS,...
iOS URL Scheme Hijacking is a type of input validation vulnerability which occurs in mobile applications on iOS. It is classified in CWE-601 as “URL Redirection to Untrusted Site ('Open Redirect')”. This vulnerability occurs when an application uses URL schemes to pass data to other applications, and is not properly...
iOS URL Scheme Injection is a type of input validation vulnerability that occurs on mobile devices running iOS and in mobile applications. This vulnerability can allow attackers to inject malicious URLs into applications, allowing them to gain access to various data or functions within the application. The Common Weakness Enumeration...
IPA contains only bitcode is an IT vulnerability that affects iOS and Mobile App. It occurs when bitcode is uploaded to an IPA file without the source code. This vulnerability is listed in the CWE directory (CWE-1911) and is described in the OWASP Testing Guide as an insecure direct object...
IPA Frameworks List vulnerability is a type of platform usage vulnerability that affects mobile applications and iOS devices. This vulnerability was first documented in the CWE directory (CWE-921) as a vulnerability that allows an attacker to bypass the application’s security features and gain access to the underlying framework. The OWASP...
IPA Plist files are configuration files used in Apple's iOS and Mobile App platforms. These files are used to control how the application behaves and what features are available. Unfortunately, these files can be manipulated by malicious actors to enable features that can be used to gain access to sensitive...
iTunes UI File Sharing Enabled is an Authorization vulnerability that allows a user to access sensitive data stored in an iOS application or mobile app. This vulnerability is classified as CWE-284 and is described in the OWASP Testing Guide as “insufficient authorization or authentication for an operation involving sensitive data”....
List of calls to dangerous low-level C functions is a vulnerability related to authorization in iOS and Mobile App. It is defined in the Common Weakness Enumeration (CWE) directory as CWE-415: Double Free, which is a type of memory access error where a program attempts to free the same memory...
Mach-O Entitlements is a type of IT vulnerability that is classified as an Authorization issue. This vulnerability is present in both iOS and Mobile App operating systems, and it is listed as CWE-269 in the Common Weakness Enumeration directory. According to the OWASP Testing Guide, Mach-O Entitlements is a type...
No sensitive data stored outside App is a vulnerability (CWE-311) that can arise when an application does not properly secure the data that it stores on remote systems or out of its own scope. This can lead to data theft or data leakage to malicious actors. The vulnerability can occur...
Port open on localhost is a vulnerability that allows attackers to connect to the localhost of a system and exploit it. It is commonly found on Android, iOS, and mobile applications. This vulnerability has been assigned the Common Weakness Enumeration (CWE) identifier CWE-22. The Open Web Application Security Project (OWASP)...
Protected Health Information (PHI) is personal health information that is subject to specific laws and regulations to protect the privacy of individuals. It includes medical history, diagnosis and treatment information, personal information such as name and address, and financial information. The vulnerability occurs when PHI is stored on a mobile...
Sensitive data stored in keyboard cache is a vulnerability related to the usage of a platform, specifically for iOS and Mobile App. The vulnerability is classified under CWE-319: Cleartext Transmission of Sensitive Information. According to the OWASP Testing Guide, an attacker can easily extract sensitive data from the app cache,...
Source Map Code Leak is an Information Leakage vulnerability (CWE-200) where application source code or any other configuration or sensitive data is exposed in source maps. Source maps are used to map JavaScript to its original source code, which can be used to debug applications. Source map code leakage can...
Stack smashing protection not enforced (CWE-119) is a vulnerability in software or application security that occurs when a program does not enforce some form of stack smashing protection. It is an input validation vulnerability that allows a malicious user to change the application's logic by writing to the stack or...
Strings Bplist files is an IT vulnerability that affects platforms such as mobile apps and iOS. It is a type of vulnerability that leads to a lack of secure coding practices, and it is categorized under CWE-120 (Buffer Copy without Checking Size of Input) in the Common Weakness Enumeration (CWE)...
Task hijacking is a type of authorization vulnerability in which an attacker is able to take control of a user's session or task by intercepting the data, such as a session ID, intended for a legitimate user. It is defined in the Common Weakness Enumeration (CWE) directory as CWE-813. This...
URL Scheme list is an Input Validation vulnerability (CWE-20) that occurs in mobile applications and iOS. It is caused when an application's URL scheme list is not properly validated, allowing a malicious user to execute arbitrary code on the application. This vulnerability can lead to malicious code being executed on...
Use of an insecure Bluetooth connection is a network communication vulnerability (CWE-18) that affects Android, iOS and Mobile App platforms. According to the OWASP Testing Guide, this vulnerability occurs when an application uses an insecure Bluetooth connection to communicate with devices or other applications. This can lead to the leakage...
Showing entries 1 to 40 of 40 entries.