DerScanner
Home / Vulnerability Database / Objective-C : Keyboard caching
Objective-C

Objective-C : Keyboard caching

Classification

OWASP Mobile Top 10 2014
M4-Unintended Data Leakage
OWASP Mobile Top 10 2016
M2-Insecure Data Storage
OWASP MASVS
V2: 2.5.(L1/L2/L1+R/L2+R)
HIPAA
§164.312 (a)(1)
CWE
CWE-200
CWE/SANS Top 25 2021
CWE-200

Overview

The application allows entering sensitive data in the text field without implementing measures to disable the iOS keyboard caching mechanism.

The identified field does not disable the iOS keyboard caching mechanism. As a result, any sensitive information will be cached to improve the autocorrect feature.

Insecure Data Storage vulnerabilities take the second place in the “OWASP Top 10 2016” mobile application vulnerabilities ranking.

References

  1. CWE-200: Information Exposure
  2. UITextAutocorrectionTypeNo - developer.apple.com
  3. OWASP: Mobile Top 10 2014-M4
  4. OWASP: Mobile Top 10 2016-M2
MEDIUM

DerScanner Severity Score

Do you want to fix Objective-C : Keyboard caching in your application?

See also

Objective-C

Objective-C : Internal information leak

Objective-C

Objective-C : Weak hashing algorithm

Objective-C

Objective-C : Unsafe reflection