DerScanner
Home / Vulnerability Database / Objective-C : Information leak when entering background mode
Objective-C

Objective-C : Information leak when entering background mode

Classification

OWASP Mobile Top 10 2014
M4-Unintended Data Leakage
OWASP Mobile Top 10 2016
M2-Insecure Data Storage
OWASP MASVS
V2: 2.9.(L2/L2+R)
HIPAA
§164.312 (a)(1)
CWE
CWE-200
CWE/SANS Top 25 2021
CWE-200

Overview

Perhaps, the application does not override the default behavior when entering background mode. This may lead to valuable data leak.

When moving to the background mode, iOS takes a screenshot of the application. If valuable data was presented on the screen at the moment (for example, the user was entering a credit card number), its confidentiality may be violated. It is recommended to override the applicationDidEnterBackground method and replace the image on the screen with a predefined safe one.

References

  1. CWE-200: Information Exposure
  2. Mobile Top 10 2014-M4 Unintended Data Leakage
  3. OWASP Mobile Top 10 2016-M2-Insecure Data Storage
MEDIUM

DerScanner Severity Score

Do you want to fix Objective-C : Information leak when entering background mode in your application?

See also

Objective-C

Objective-C : Internal information leak

Objective-C

Objective-C : Weak hashing algorithm

Objective-C

Objective-C : Unsafe reflection