stasel / WebRTC

Unofficial distribution of up to date WebRTC framework binaries for iOS and macOS

MobSF Security scan issues #95

Closed pnaandi99 closed 3 months ago

pnaandi99 commented 3 months ago

Hi @stasel, we recently conducted a security scan using the MobSF security framework and identified a few security vulnerabilities, mentioned below.

  1. Binary makes use of insecure API(s) - The binary may contain the following insecure API(s): _fopen, _memcpy, _printf, _sscanf, _strcpy, _strlen, _strncpy
  2. Binary makes use of malloc function
  3. Application binary has rpath set - The binary has Runpath Search Path (@rpath) set. In certain cases an attacker can abuse this feature to run an arbitrary executable for code execution and privilege escalation. Remove the compiler option -rpath to remove @rpath.

Please advise of remediation plans for these issues. Happy to provide additional information/context. Thanks!

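To triage the third finding independently of the scanner, one can walk the Mach-O load commands of the framework binary and list every LC_RPATH entry together with the libraries that are loaded through @rpath. The script below is an added example written for this page; it is not code from stasel/WebRTC, MobSF, or the WebRTC project. The Mach-O image it parses is constructed inline (the paths under /Users/ci/... and the Helper.framework dependency are made up), and the "hijackable" classification is this example's own heuristic: entries anchored to @executable_path, @loader_path, /System or /usr/lib are treated as expected, while plain relative entries (which dyld resolves against the process's working directory) and other absolute paths are flagged for manual review. It also handles universal (fat) files, since macOS framework slices are commonly shipped that way.

```python
# Added example: audit LC_RPATH entries and @rpath-dependent dylibs in a Mach-O file.
# Not code from stasel/WebRTC or MobSF; the fixture at the bottom is constructed inline.
import struct

MH_MAGIC = 0xFEEDFACE       # 32-bit thin image, little-endian
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit thin image, little-endian
FAT_MAGIC = 0xCAFEBABE      # universal wrapper, big-endian
LC_REQ_DYLD = 0x80000000
LC_LOAD_DYLIB = 0x0C
LC_ID_DYLIB = 0x0D          # the image's own install name, not a dependency
LC_LOAD_WEAK_DYLIB = 0x18 | LC_REQ_DYLD
LC_RPATH = 0x1C | LC_REQ_DYLD
LC_REEXPORT_DYLIB = 0x1F | LC_REQ_DYLD
DEPENDENCY_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB}
# Heuristic of this example (not a MobSF rule): rpath prefixes that dyld resolves
# inside the bundle or the OS are considered expected; anything else is reviewed.
SAFE_RPATH_PREFIXES = ("@executable_path/", "@loader_path/", "/System/", "/usr/lib/")


def mach_o_slices(data):
    """Yield every thin image: the file itself, or each arch slice of a fat file."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat_arch = struct.unpack_from(">I", data, 4)[0]
        for i in range(nfat_arch):
            _cpu, _sub, offset, size, _align = struct.unpack_from(">IIIII", data, 8 + 20 * i)
            yield data[offset:offset + size]
    else:
        yield data


def load_commands(image):
    """Yield (cmd, raw command bytes) for a little-endian thin Mach-O image."""
    magic = struct.unpack_from("<I", image, 0)[0]
    header_size = {MH_MAGIC_64: 32, MH_MAGIC: 28}.get(magic)
    if header_size is None:
        raise ValueError(f"not a little-endian Mach-O image: magic {magic:#x}")
    ncmds, sizeofcmds = struct.unpack_from("<II", image, 16)   # same offsets in both headers
    offset, end = header_size, header_size + sizeofcmds
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", image, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("malformed load command table")
        yield cmd, image[offset:offset + cmdsize]
        offset += cmdsize


def _lc_str(command, field_offset):
    """Resolve an lc_str: a uint32 offset (relative to the command start) of a NUL-terminated path."""
    str_offset = struct.unpack_from("<I", command, field_offset)[0]
    return command[str_offset:command.index(b"\0", str_offset)].decode("utf-8", "replace")


def audit_rpath(image):
    """Return the rpath list, the dependencies resolved through it, and entries to review."""
    rpaths, deps = [], []
    for cmd, command in load_commands(image):
        if cmd == LC_RPATH:
            rpaths.append(_lc_str(command, 8))      # struct rpath_command: path lc_str at +8
        elif cmd in DEPENDENCY_CMDS:
            deps.append(_lc_str(command, 8))        # struct dylib_command: dylib.name lc_str at +8
    return {
        "rpaths": rpaths,
        "rpath_dependencies": [d for d in deps if d.startswith("@rpath/")],
        # Plain relative entries resolve against the process cwd; stray absolute
        # paths (e.g. a developer's build directory) point outside the bundle.
        "hijackable_rpaths": [p for p in rpaths if not p.startswith(SAFE_RPATH_PREFIXES)],
    }


def audit_file(data):
    return [audit_rpath(image) for image in mach_o_slices(data)]


# --- Constructed fixture (made-up paths; only the load-command table is modelled) ---
def _command(cmd, fixed_fields, text):
    str_offset = 8 + len(fixed_fields)
    raw = text.encode() + b"\0"
    cmdsize = str_offset + len(raw)
    cmdsize += -cmdsize % 8                          # load commands are 8-byte padded
    return struct.pack("<II", cmd, cmdsize) + fixed_fields + raw.ljust(cmdsize - str_offset, b"\0")


def rpath_command(path):
    return _command(LC_RPATH, struct.pack("<I", 12), path)


def dylib_command(cmd, name):   # fields: name offset, timestamp, current_version, compat_version
    return _command(cmd, struct.pack("<IIII", 24, 2, 0x10000, 0x10000), name)


def build_dylib(commands):
    body = b"".join(commands)   # arm64 MH_DYLIB header: magic, cputype, subtype, filetype, ncmds, sizeofcmds, flags, reserved
    return struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 6, len(commands), len(body), 0, 0) + body


def build_fat(slices):
    """Wrap (cputype, image) pairs in a big-endian fat header with 16 KiB-aligned slices."""
    page = 0x4000
    archs, payload = [], b""
    for cputype, image in slices:
        archs.append(struct.pack(">IIIII", cputype, 0, page + len(payload), len(image), 14))
        payload += image.ljust(-(-len(image) // page) * page, b"\0")
    return (struct.pack(">II", FAT_MAGIC, len(slices)) + b"".join(archs)).ljust(page, b"\0") + payload


SAMPLE_IMAGE = build_dylib([
    dylib_command(LC_ID_DYLIB, "@rpath/WebRTC.framework/WebRTC"),
    dylib_command(LC_LOAD_DYLIB, "/usr/lib/libSystem.B.dylib"),
    dylib_command(LC_LOAD_DYLIB, "@rpath/Helper.framework/Helper"),
    rpath_command("@executable_path/Frameworks"),
    rpath_command("/Users/ci/DerivedData/Build/Products/Debug-iphoneos"),
    rpath_command("."),
])
SAMPLE_FAT = build_fat([(0x0100000C, SAMPLE_IMAGE), (0x01000007, SAMPLE_IMAGE)])  # arm64 + x86_64

if __name__ == "__main__":
    for n, report in enumerate(audit_file(SAMPLE_FAT)):
        print(f"slice {n}: {report}")
```

On a real file, replace SAMPLE_FAT with the bytes of the framework binary (for example `WebRTC.framework/WebRTC` inside the xcframework slice) and read the report per slice: an @executable_path/Frameworks entry is what an app bundle needs to find the framework, whereas a leftover build-directory path or a bare relative entry is what the finding is actually warning about and is worth raising with whoever links the final app.
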
stasel commented 3 months ago

Hi @pnaandi99, thank you for reporting this issue. Unfortunately, I cannot take any responsibility for the implementation of the library. This repository compiles the unmodified source code.

If you have security concerns about the WebRTC implementation, it is a good idea to reach out to the discuss-webrtc group for more information.