Opened on Jan 31, 2023
There are some insecure APIs that exist in this repository that Apple considered insecure and recommended not using:
https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/doc/uid/TP40002577-SW1
These are reported when using Mobile Security Framework (https://github.com/MobSF/Mobile-Security-Framework-MobSF) to scan the IPA.
strcpy:
Line 850 in 6ed0c9e
strncpy:
strncat:
Line 2564 in acc60d0
I understand that the use of these functions does not definitely lead to security issues, but I want to bring this to your attention, and check if these are safe to use within our application.
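Added example, not code from this repository or from the issue author: a C sketch of what to check at each flagged `strcpy`/`strncpy`/`strncat` call site, next to bounded replacements that always terminate and report truncation. The helper names `bounded_copy`, `bounded_append` and `strncpy_terminates`, the 8-byte buffer and the input strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity cap). Always NUL-terminates when cap > 0.
 * Returns 0 if src fit, -1 if it was truncated or cap is 0. */
int bounded_copy(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (cap == 0)
        return -1;
    if (n >= cap) {                 /* would overflow with strcpy */
        memcpy(dst, src, cap - 1);
        dst[cap - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Append src to the string in dst (total capacity cap). Unlike strncat,
 * the size argument is the whole buffer, not the space left in it. */
int bounded_append(char *dst, size_t cap, const char *src)
{
    size_t used = 0;
    while (used < cap && dst[used] != '\0')
        used++;
    if (used == cap)                /* dst was never terminated */
        return -1;
    return bounded_copy(dst + used, cap - used, src);
}

/* The strncpy pattern scanners flag: returns 1 if buf ends up terminated. */
int strncpy_terminates(char *buf, size_t cap, const char *src)
{
    memset(buf, 'X', cap);
    strncpy(buf, src, cap);         /* no NUL is written when strlen(src) >= cap */
    return memchr(buf, '\0', cap) != NULL;
}

int main(void)
{
    char buf[8];                    /* constructed sample buffer and inputs */
    printf("strncpy terminated: %d\n", strncpy_terminates(buf, sizeof buf, "0123456789"));
    printf("bounded_copy: %d -> \"%s\"\n", bounded_copy(buf, sizeof buf, "0123456789"), buf);
    bounded_copy(buf, sizeof buf, "abc");
    printf("bounded_append: %d -> \"%s\"\n", bounded_append(buf, sizeof buf, "defghij"), buf);
    return 0;
}
```

A flagged call is safe only if the source length is provably smaller than the destination capacity at that site; for `strncat`, the third argument must be the remaining space minus one, not the size of the destination.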