Objective-C : Insufficient jailbreak detection
Classification
OWASP Mobile Top 10 2014
OWASP Mobile Top 10 2016
OWASP MASVS
PCI DSS 4.0
HIPAA
CWE
CWE/SANS Top 25 2011
CWE/SANS Top 25 2021
Overview
The application uses a well-known method of testing for the presence of OS superuser rights (jailbreak). An attacker who has privileged access can bypass the check.
An application that works with valuable data must check the device for a jailbreak and limit its functionality if the result is positive. Some test procedures are published and are most likely known to the attacker, who can therefore bypass them. It is recommended to use non-trivial tests for jailbreak.
Theoretically, an attacker with root access can bypass any jailbreak check. But the more different non-trivial tests are used, the lower the probability of such an event.
DerScanner Severity Score: MEDIUM
