Open annkiitagrawaal-gep opened 3 years ago
Hi @react-native-bot Any updates on this?
The client has raised this as a high priority issue. Security teams want a resolution at the earliest. Need some help here:
Hi,
Please let us know if there's any specific reason for using malloc; we are facing a similar issue too. Thank you.
Hi, Any update on this issue?
Could you please check if the issue persists on the latest version or 0.63.x? Thanks
Hi @dulmandakh , Thanks for your reply.
The scan was done by a client using MobSF. We cannot go back to them without confirmation that the issue does not exist in 0.63.x. Also, upgrading to a higher version generally leads to breaking changes and bugs and is at least a 2-3 sprint job. Hence, request you confirm if the above issue is fixed in 0.63.x so that we can plan the same and pick it up at the earliest.
Hi @dulmandakh
Please let me know if there are any updates on this. As I mentioned we cannot move to react native version 0.63 without confirmation that the issue is resolved in the said version.
Hi @annkiitagrawaal-gep, I am also facing a similar problem where security is reporting similar security issues.
Hi @annkiitagrawaal-gep, I'm also facing this problem, any update on this?
No @JaysonTeano, no updates from the React Native team on this. There was just one reply from @dulmandakh on the 17th of Jan, which does not confirm but asks us to verify on 0.63.x.
Any updates on this issue?
Hey guys, I've scanned my app in MobSF at RN v0.64.2, but this issue still persists. Any workaround for this?
Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may also label this issue as a "Discussion" or add it to the "Backlog" and I will leave it open. Thank you for your contributions.
Scanned with RN v0.67.2 but still reporting these issues. Any solution? @dulmandakh
We are still getting it with RN 0.68. The security team is considering the issue as a High priority vulnerability. Is anyone working on it? Thanks.
Any update on this issue? Security vulnerability still persists.
Any update?
Nope
We are still seeing this issue with our Expo app with React Native 0.70.5, and it was raised as high severity during the app security review.
Issue: Binary makes use of malloc function
Severity: High
Description: The binary may use _malloc function instead of calloc
Has anyone found a way to get rid of this vulnerability?
Note - we also get a related issue "Binary makes use of insecure API(s)", which is mentioned in this closed issue https://github.com/facebook/react-native/issues/25414 - but again no fix outlined.
Using Appdome.com for the same in the app
Ok thanks @yogendrajs - can you explain a little? Do you run Appdome against your existing app binaries and then the result passes the MobSF analysis? Or are you using Appdome as a replacement for MobSF?
Appdome is another platform which does something internally with your app binaries (kinda security layer) and then provides you with the updated build either apk or ipa and then you can use that apk/ipa in MobSF to get your analysis done.
On Tue, 6 Dec 2022 at 12:12, mlev @.***> wrote:
Ok thanks - can you explain a little? Do you run appdome against your existing app binaries and then the result passes the MobSF analysis. Or are you using appdome as a replacement for MobSF?
How can I resolve this issue from the native code? I have used MobSF and got the report.
Seems like there is no resolution to this issue? Facing the same problem; was anyone able to come up with a solution?
Same issue here also, any solution?
I have the same issue. I am using react-native: 0.68.4
Is anyone able to come up with a solution?
same issue
Hey guys, facing a similar issue.
Is there a way to solve this? Using React Native version 0.72.6.
Same issue using 0.71.13, but upgraded to latest and same issue there too...
Same issue even in "react-native": "0.74.2"
Any fix gonna happen on this?
Same issue even in "react-native": "0.73.8"
The same issue in "react-native": "0.76.1". Is there any solution?
Description
• Binary makes use of malloc function: the binary can use the malloc function instead of calloc. This is the result of a static analysis of the IPA file of an iOS-based application.
React Native version:
System:
    OS: macOS Mojave 10.14.5
    CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
    Memory: 273.91 MB / 16.00 GB
    Shell: 3.2.57 - /bin/bash
Binaries:
    Node: 12.8.0 - /usr/local/bin/node
    Yarn: Not Found
    npm: 6.10.2 - /usr/local/bin/npm
    Watchman: 4.9.0 - /usr/local/bin/watchman
Managers:
    CocoaPods: 1.9.1 - /usr/local/bin/pod
SDKs:
    iOS SDK:
      Platforms: iOS 12.4, macOS 10.14, tvOS 12.4, watchOS 5.3
    Android SDK:
      API Levels: 23, 24, 25, 26, 27, 28, 29
      Build Tools: 28.0.3, 29.0.2, 29.0.3
      System Images: android-28 | Google Play Intel x86 Atom, android-29 | Google APIs Intel x86 Atom
      Android NDK: Not Found
IDEs:
    Android Studio: 3.4 AI-183.6156.11.34.5692245
    Xcode: 10.3/10G8 - /usr/bin/xcodebuild
Languages:
    Java: 1.8.0_221 - /usr/bin/javac
    Python: 2.7.10 - /usr/bin/python
npmPackages:
    @react-native-community/cli: Not Found
    react: 16.11.0 => 16.11.0
    react-native: 0.62.2 => 0.62.2
    react-native-macos: Not Found
npmGlobalPackages:
    react-native: Not Found
react-native-cli: 2.0.1 react-native: 0.62.2
Expected Results
How could you change the variables found to those suggested by Apple from React Native?
The issue has been raised by a client and is being considered as a High priority vulnerability.
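For anyone triaging this finding, here is an added illustration (not code from React Native, MobSF or anyone in this thread) of what the scanner is pointing at: malloc() hands back uninitialised memory, so a partially filled struct can carry stale heap bytes into logs or output, while calloc() zero-fills and refuses a count*size that overflows. The struct, the wrapper and the two record builders are constructed for this example.

```c
/* Added example, not React Native or MobSF code: why a static scanner flags
 * malloc() and suggests calloc(), with a hardened allocator beside the
 * flagged pattern. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct record {
    uint32_t id;
    char     name[28];   /* frequently left partly unfilled */
};
/* Flagged pattern: malloc() returns memory holding whatever was there
 * before. Only id is set, so name[] carries stale heap bytes; if the
 * struct is later serialised or logged, those bytes leak. */
struct record *make_record_malloc(uint32_t id) {
    struct record *r = malloc(sizeof *r);
    if (r) r->id = id;
    return r;
}

/* calloc() zero-fills and rejects count*size products that overflow;
 * this wrapper spells both guarantees out so a reviewer can see them. */
void *safe_alloc_array(size_t count, size_t size) {
    if (size != 0 && count > SIZE_MAX / size)
        return NULL;                 /* product would overflow: refuse */
    return calloc(count, size);      /* every byte is zero on success */
}

/* Hardened pattern: same struct, but every byte has a defined value. */
struct record *make_record_zeroed(uint32_t id) {
    struct record *r = safe_alloc_array(1, sizeof *r);
    if (r) r->id = id;
    return r;
}

/* Returns 1 when every byte of buf is zero, 0 otherwise. */
int is_zeroed(const void *buf, size_t len) {
    const unsigned char *p = buf;
    for (size_t i = 0; i < len; i++)
        if (p[i]) return 0;
    return 1;
}

int main(void) {
    struct record *r = make_record_zeroed(7);
    printf("name zeroed: %d\n", r && is_zeroed(r->name, sizeof r->name));
    printf("overflow refused: %d\n", safe_alloc_array(SIZE_MAX / 2, 4) == NULL);
    free(r);
    return 0;
}
```

Whether the flagged symbol is reachable with attacker-influenced sizes or ends up in output is the question to answer for the security team; a scanner only reports that the import exists.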