Objective-C : Null pointer release

Classification

OWASP Mobile Top 10 2016

M1-Improper Platform Usage

OWASP MASVS

V7: 7.8.(L1/L2/L1+R/L2+R)

Overview

The application frees memory insecurely when using KeyChainAPI. The memory in which the data was obtained from SecKeychainItemCopyContent, SecKeychainFindGenericPassword, SecKeychainFindInternetPassword must be freed by calling SecKeychainItemFreeContent. The application must check that the pointer is not empty before freeing memory.

References

Keychain Services Reference - developer.apple.com
Keychain Services Programming Guide - developer.apple.com
OWASP Mobile Top 10 2016-M1-Improper Platform Usage

MEDIUM

Objective-C : Null pointer release

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Objective-C : Null pointer release in your application?

See also

Objective-C : Internal information leak

Objective-C : Weak hashing algorithm

Objective-C : Unsafe reflection