DerScanner
Home / Vulnerability Database / Objective-C : Clipboard usage
Objective-C

Objective-C : Clipboard usage

Classification

OWASP Mobile Top 10 2014
M4-Unintended Data Leakage
OWASP Mobile Top 10 2016
M2-Insecure Data Storage
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-200
CWE/SANS Top 25 2021
CWE-200

Overview

The application uses the clipboard. Valuable data transferred via the clipboard may be accessed by third-party applications and thus be compromised.

Data copied using the cut/copy features in iOS goes inside a buffer known inside a pasteboard item. It is possible for other applications to access the content of this pasteboard. If the pasteboard item contains some confidential information, it might lead to information leakage.

Insecure Data Storage vulnerabilities take the second place in the “OWASP Top 10 2014” mobile application vulnerabilities ranking.

References

  1. UIPasteboard - developer.apple.com
  2. Securing iOS Applications - Dr. Bruce Sams / OWASP
MEDIUM

DerScanner Severity Score

Do you want to fix Objective-C : Clipboard usage in your application?

See also

Objective-C

Objective-C : Internal information leak

Objective-C

Objective-C : Weak hashing algorithm

Objective-C

Objective-C : Unsafe reflection