DerScanner
Home / Vulnerability Database / Swift : Missing jailbreak detection
Swift

Swift : Missing jailbreak detection

Classification

OWASP Mobile Top 10 2014
M5-Poor Authorization and Authentication
OWASP Mobile Top 10 2016
M8-Code Tampering
OWASP MASVS
V8: 8.1.(L1+R/L2+R)V8: 8.4.(L1+R/L2+R)
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-862
CWE/SANS Top 25 2011
CWE-862
CWE/SANS Top 25 2021
CWE-862

Overview

Most likely in this application there are no checks for the presence of OS superuser rights (jailbreak).

The application that works with valuable data must check the device for jailbreak and limit the functionality in case of a positive result.

Theoretically, having a root, an attacker can bypass any checks for jailbreak. But the more different non-trivial tests are used, the lower the probability of such an event.

References

  1. OWASP: Consequences of a Jailbroken iDevice (pdf)
  2. OWASP Mobile Top 10 2016-M8-Code Tampering
MEDIUM

DerScanner Severity Score

Do you want to fix Swift : Missing jailbreak detection in your application?

See also

Swift

Swift : Nill password

Swift

Swift : Hardcoded salt

Swift

Swift : Undocumented feature: special account