Implementation vulnerabilities
Unlike Android, iOS apps can also leak sensitive information the way they are implemented.
Pasteboard information leakage
A majority of the developers allow users to copy and paste data from different areas of the app. This can potentially include some confidential information since these features can be potentially exploited.
We will now hook the iGoat app to Cycript by running cycript –p PID to look at what has been copied from the apps and see whether we are able to extract that information by running [UIPasteboard generalPasteboard].items in Cycript, as shown in the following screenshot:
The preceding screenshot leaks ...
Get Mobile Application Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
