A vulnerability was detected within an AFNetworking implementation, however, was not observed being executed during runtime.
This can be tied to the main executable, or statically embedded within a third-party library.
The context table below will provide the vulnerable configurations that were detected, along with the module they were found in (if applicable).
Steps to Reproduce
This test observes the AFNetworking library at runtime and reports the configuration being used.
This can be validated in the code used to configure AFNetworking.
Business Impact
The app is using a 3rd party library to communicate which is not secure.
A malicious actor could remotely see and modify information coming to and from the app.
This could then be used to access confidential information on your device or work network.
Remediation Resources
Ensure the application is using an updated version of AFNetworking, and that it is configured properly.
In the case of unused implementations of AFNetworking, it is recommended that it be removed.
Finding Description
A vulnerability was detected within an AFNetworking implementation, however, was not observed being executed during runtime. This can be tied to the main executable, or statically embedded within a third-party library. The context table below will provide the vulnerable configurations that were detected, along with the module they were found in (if applicable).
Steps to Reproduce
This test observes the AFNetworking library at runtime and reports the configuration being used. This can be validated in the code used to configure AFNetworking.
Business Impact
The app is using a 3rd party library to communicate which is not secure. A malicious actor could remotely see and modify information coming to and from the app. This could then be used to access confidential information on your device or work network.
Remediation Resources
Ensure the application is using an updated version of AFNetworking, and that it is configured properly. In the case of unused implementations of AFNetworking, it is recommended that it be removed.
Risk and Regulatory Information
Severity: medium CVSS: 5.3
Application
See more detail in the NowSecure Report