Last update: Aug 10, 2022

Description

Oversecured Vulnerable iOS App is an iOS app that aggregates all the platform's known and popular security vulnerabilities.

List of vulnerabilities

This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from this intentionally vulnerable app will receive detailed examination and analysis on our blog.

  1. iTunes file sharing enabled in Info.plist, allowing files in the Documents directory to be browsed and accessed.
  2. Session theft via ovia://deeplink/webview?url=... deeplink.
  3. Overwriting of arbitrary files via ovia://deeplink/save?data=...&name=... deeplink.
  4. Memory corruption via ovia://deeplink/save?data=...&name=...&offset=... deeplink.
  5. HTML injection via ovia://deeplink/alert?message=... deeplink.
  6. Hardcoded AES encryption key and IV in file Crypto.swift.
  7. Caching left enabled (not disabled) in NetworkCalls.swift, which saves credentials onto the device.
  8. Insecure ATS configuration in Info.plist that allows insecure connections.
  9. Dumping of the cache file to public storage in MainViewController.swift.
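
Items 1 and 8 are Info.plist settings, and the `ovia://` handlers in items 2 to 5 are registered there too, so a build-time check can flag all three. The following is an added example, not code from the Oversecured project: the plist content is constructed for illustration (it is not the app's real file), and the keys checked are Apple's standard Info.plist keys.

```python
import plistlib

# Constructed sample Info.plist; only the 'ovia' scheme name comes from the list above.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>UIFileSharingEnabled</key><true/>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
  <key>CFBundleURLTypes</key><array><dict>
    <key>CFBundleURLSchemes</key><array><string>ovia</string></array>
  </dict></array>
</dict></plist>"""


def audit_info_plist(data: bytes) -> list[str]:
    """Return findings for file sharing, ATS exceptions and custom URL schemes."""
    plist = plistlib.loads(data)
    findings = []
    # Item 1: Documents directory exposed through iTunes/Finder file sharing.
    if plist.get("UIFileSharingEnabled") is True:
        findings.append("file-sharing: Documents directory exposed via iTunes/Finder")
    # Item 8: global or per-domain App Transport Security exceptions.
    ats = plist.get("NSAppTransportSecurity") or {}
    for key in ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsInWebContent"):
        if ats.get(key) is True:
            findings.append(f"ats: {key} permits insecure connections")
    for domain, cfg in (ats.get("NSExceptionDomains") or {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"ats: cleartext HTTP allowed for {domain}")
    # Items 2-5: every registered scheme is an entry point taking untrusted input.
    for url_type in plist.get("CFBundleURLTypes") or []:
        for scheme in url_type.get("CFBundleURLSchemes") or []:
            findings.append(f"url-scheme: {scheme}:// handlers need input validation")
    return findings


if __name__ == "__main__":
    for finding in audit_info_plist(SAMPLE_PLIST):
        print(finding)
```
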

Licensed under the Simplified BSD License

Copyright (c) 2021, Oversecured Inc

https://oversecured.com/

GitHub

https://github.com/oversecured/OversecuredVulnerableiOSApp