Libraries found in the app were not compiled using ARC, a free feature of Objective-C and Swift. One thing to note: it is possible that an included, pre-compiled binary does not have these protections and it is possible that a third party would have to correct the problem.
Enabling it has no discernible downsides, and prevents memory corruption attacks such as object-use-after-free exploits.
If those exploits are possible, attackers can potentially gain access to a wide variety of information and access with potentially severe consequences.
Steps to Reproduce
This check examines the compiled binary for libraries that do not have Automatic Reference Counting (ARC) enabled.
Business Impact
This app has components that do not protect against a specific type of attack that can expose the app to an attacker performing custom actions. These custom actions could potentially give them access to sensitive information from the app or the device.
Remediation Resources
All newer apps will have ARC enabled by default.
However, if it has become disabled you can go to the Build Settings for the App and make sure that "Objective-C Automatic Reference Counting" is set to YES.
It may be necessary to migrate existing projects to ARC with the Refactoring tool provided by Apple in Xcode that helps the developer in the process.
This will enable automatic memory management in your app as described in the
iOS Developer Library.
Finding Description
Libraries found in the app were not compiled using ARC, a free feature of Objective-C and Swift. One thing to note: it is possible that an included, pre-compiled binary does not have these protections and it is possible that a third party would have to correct the problem. Enabling it has no discernible downsides, and prevents memory corruption attacks such as object-use-after-free exploits. If those exploits are possible, attackers can potentially gain access to a wide variety of information and access with potentially severe consequences.
Steps to Reproduce
This check examines the compiled binary for libraries that do not have Automatic Reference Counting (ARC) enabled.
Business Impact
This app has components that do not protect against a specific type of attack that can expose the app to an attacker performing custom actions. These custom actions could potentially give them access to sensitive information from the app or the device.
Remediation Resources
All newer apps will have ARC enabled by default. However, if it has become disabled you can go to the Build Settings for the App and make sure that "Objective-C Automatic Reference Counting" is set to YES. It may be necessary to migrate existing projects to ARC with the Refactoring tool provided by Apple in Xcode that helps the developer in the process. This will enable automatic memory management in your app as described in the iOS Developer Library.
Risk and Regulatory Information
Severity: low CVSS: 1.6
Application
See more detail in the NowSecure Report