DerScanner
Home / Vulnerability Database / Swift : External storage usage
Swift

Swift : External storage usage

Classification

OWASP Mobile Top 10 2016
M2-Insecure Data StorageM3-Insecure CommunicationM4-Insecure Authentication
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP MASVS
V2: 2.1.(L1/L2/L1+R/L2+R)V2: 2.2.(L1/L2/L1+R/L2+R)V2: 2.13.(L2/L2+R)
HIPAA
§164.312 (c)(1)
CWE
CWE-200CWE-250CWE-312CWE-313CWE-522CWE-921CWE-940
CWE/SANS Top 25 2011
CWE-250
CWE/SANS Top 25 2021
CWE-200CWE-522

Overview

The application writes data to an external storage device.

Files written to external storage device are readable by all applications and can be changed. Besides, files stored in external storage will remain there even after the application is deleted. This can lead to a valuable data confidentiality loss.

References

  1. Reading, Writing, and Deleting Files in Swift by Corey Davis
  2. OWASP: Insecure Storage
  3. CWE-250: Execution with Unnecessary Privileges
  4. CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
CRITICAL

DerScanner Severity Score

Do you want to fix Swift : External storage usage in your application?

See also

Swift

Swift : Nill password

Swift

Swift : Hardcoded salt

Swift

Swift : Undocumented feature: special account