OVIA (Oversecured Vulnerable iOS App) is an iOS app that aggregates all the platform’s known and popular security vulnerabilities.
List of vulnerabilities
This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from OVIA will receive detailed examination and analysis on our blog.
- Enabled iTunes file sharing, which allows browsing and accessing files from the Documents directory, in file
- Session theft via
- Overwriting of arbitrary files via
- Memory corruption via
- HTML injection via
- Hardcoded AES encryption key and IV in file
- Enabled (not disabled) caching in NetworkCalls.swift that saved credentials onto the device.
- Insecure ATS configuration allowing insecure connections in file
- Dumping the cache file to a public storage in file
Licensed under the Simplified BSD License
Copyright (c) 2021, Oversecured Inc