Home / Vulnerability Database / Objective-C : Insecure manipulations with the file system

Objective-C

Objective-C : Insecure manipulations with the file system

Classification

OWASP Mobile Top 10 2014

M4-Unintended Data Leakage

OWASP Mobile Top 10 2016

M2-Insecure Data Storage

PCI DSS 4.0

6.2.4

HIPAA

§164.312 (c)(1)

CWE

CWE-61

Overview

The application uses a method that create a temporary file before writing data to a target file. This method reduces the risk of information leakage when copying or writing to a file, but if the temporary file is created in a public directory, the attacker may replace or steal it before it is written to the targeted file.

References

CWE CATEGORY: Temporary File Issues
CWE-61: UNIX Symbolic Link (Symlink) Following
Mobile Top 10 2014-M4-Unintended Data Leakage
OWASP Mobile Top 10 2016-M2-Insecure Data Storage

LOW

Objective-C : Insecure manipulations with the file system

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Objective-C : Insecure manipulations with the file system in your application?

See also

Objective-C : Internal information leak

Objective-C : Weak hashing algorithm

Objective-C : Unsafe reflection