trusk

Reputation: 1703

iOS App has Application binary rpath set, and it's considered a vulnerability

I got the following ticket from my company's security testers:

Description: The binary has Runpath Search Path (@rpath) set. In certain cases an attacker can abuse this feature to run arbitrary executable for code execution and privilege escalation. Remove the compiler option -rpath to remove @rpath. Section "macho"

But this is an issue I never heard of. We are using Carthage for part of our dependencies and others are bundled with the app and used directly.

Current rpath values are set as follows:

enter image description here

Upvotes: 0

Views: 1423
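
An added example, not part of the original question: one way to triage a finding like the one quoted is to list the binary's `LC_RPATH` load commands from `otool -l` output and sort them by where they point. The sample output, the function names and the category labels are constructed for illustration.

```python
import re

# Constructed sample of `otool -l <app binary>` output (not from the question).
SAMPLE_OTOOL_OUTPUT = """\
Load command 24
          cmd LC_LOAD_DYLIB
      cmdsize 56
         name @rpath/Example.framework/Example (offset 24)
Load command 25
          cmd LC_RPATH
      cmdsize 40
         path @executable_path/Frameworks (offset 12)
Load command 26
          cmd LC_RPATH
      cmdsize 32
         path /usr/lib/swift (offset 12)
Load command 27
          cmd LC_RPATH
      cmdsize 32
         path build/Frameworks (offset 12)
"""

_PATH_LINE = re.compile(r"^\s*path\s+(.*?)\s+\(offset \d+\)\s*$")

def extract_rpaths(otool_output):
    """Return the path of every LC_RPATH load command, in file order."""
    rpaths, in_rpath = [], False
    for line in otool_output.splitlines():
        fields = line.split()
        if fields[:1] == ["cmd"]:
            # A new load command starts; remember whether it is an LC_RPATH.
            in_rpath = fields[1:] == ["LC_RPATH"]
            continue
        match = _PATH_LINE.match(line)
        if in_rpath and match:
            rpaths.append(match.group(1))
            in_rpath = False
    return rpaths

def classify_rpath(path):
    """Label an rpath entry by what it is anchored to (labels are hypothetical)."""
    if path.startswith(("@executable_path", "@loader_path")):
        return "bundle-relative"   # resolved relative to the binary itself
    if path.startswith("/"):
        return "absolute"          # fixed filesystem location outside the bundle
    return "needs-review"          # neither anchored to the binary nor absolute

if __name__ == "__main__":
    for entry in extract_rpaths(SAMPLE_OTOOL_OUTPUT):
        print(f"{classify_rpath(entry):16} {entry}")
```
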

Answers (0)
