Insecure Binary compilation
Description
The binary for the IOS platform has been compiled without the Stack Smashing Protector (SSP) and Automatic Reference Counting (ARC) flags which provide protection against Stack Overflow attacks and memory corruption.
Impact
Overwrite registers in memory or cause a denial of service through buffer overflow attacks.
Recommendation
Compile binaries with ARC and fstack-protector-all flags.
Threat
Internal attacker with access to the IPA.
Expected Remediation Time
⌚ 450 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
Base
- Attack vector: A
- Attack complexity: H
- Privileges required: L
- User interaction: N
- Scope: U
- Confidentiality: N
- Integrity: L
- Availability: L
Temporal
- Exploit code madurity: P
- Remediation level: O
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:X
- Score:
- Base: 3.7
- Temporal: 3.4
- Severity:
- Base: Low
- Temporal: Low
Code Examples
Compliant code
The application includes ARC and fstack-protector-all flags configured for binary file compilation
sample_app = executable('sample_app',
'app/main.c',
dependencies: libc_dep,
# Added flag below
c_args: '-fstack-protector-all',
c_args: '-f-objc-arc',
link_args: [
linker_script_flags,
map_file.format(meson.current_build_dir()+'/sample_app'),
],
link_depends: linker_script_deps,
native: false
)
Non compliant code
The application has insecure configuration for binary file compilation
sample_app = executable('sample_app',
'app/main.c',
dependencies: libc_dep,
# Added flag below
c_args: '-fstack-protector-none',
c_args: '-fno-objc-arc',
link_args: [
linker_script_flags,
map_file.format(meson.current_build_dir()+'/sample_app'),
],
link_depends: linker_script_deps,
native: false
)
Requirements
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.