Oversecured Vulnerable iOS App is an iOS app that aggregates all the platform's known and popular security vulnerabilities.
This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from this intentionally vulnerable app will receive detailed examination and analysis on our blog.
- Enabled iTunes file sharing allowing to browse and access files from
Documentsdirectory in fileInfo.plist. - Session theft via
ovia://deeplink/webview?url=...deeplink. - Overwriting of arbitrary files via
ovia://deeplink/save?data=...&name=...deeplink. - Memory corruption via
ovia://deeplink/save?data=...&name=...&offset=...deeplink. - HTML injection via
ovia://deeplink/alert?message=...deeplink. - Hardcoded AES encryption key and IV in file
Crypto.swift. - Enabled (not disabled) caching in
NetworkCalls.swiftthat saved credentials onto the device. - Insecure ATS configuration allowing insecure connections in file
Info.plist. - Dumping the cache file to a public storage in file
MainViewController.swift.
Licensed under the Simplified BSD License
Copyright (c) 2023, Oversecured Inc