Objective-C : Undocumented feature: time bomb

Classification

OWASP ASVS

Malicious Code

CWE

CWE-506 CWE-511

Overview

The application uses a current time comparison. Authors of backdoors use this technique to activate malicious functionality at a given moment (timebomb).

When the time bomb is detonated, it may perform a denial of service, such as crashing the system, deleting critical data, or degrading system response time.

References

Date - Apple Developer Documentation
CWE-511: Logic/Time Bomb
CWE-506: Embedded Malicious Code

MEDIUM

Objective-C : Undocumented feature: time bomb

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Objective-C : Undocumented feature: time bomb in your application?

See also

Objective-C : Internal information leak

Objective-C : Weak hashing algorithm

Objective-C : Unsafe reflection