Product

Objective C instrumentation, detection of insecure data storage, Regex DoS, and multiple bug fixes.

This update significantly improves objective-C instrumentation, adds new detection for insecure data storage and Regex DoS, and ships multiple bug fixes.

Mon 15 April 2024

This update significantly improves objective-C instrumentation, adds new detection for insecure data storage and Regex DoS, and ships multiple bug fixes.

📦 Detection & Knowledge Base

  • Improve dynamic instrumentation for objective-C and persist collected stack traces in the Analysis Dynamic section.
  • Added detection capabilities to identify insecure data storage practices in iOS applications. This includes identifying the use of potentially vulnerable storage mechanisms such as UserDefaults and UIPasteboard.
  • Added detection for Regular Expression Denial of Service (ReDoS) vulnerabilities. This new feature identifies sinks that use user input to create regular expressions, which can lead to potential ReDoS attacks.
  • Refined all KB recommendations to be actionable, so now we have a step-by-step process to solve vulnerabilities.
    refined_kbs.png

Frontend Enhancement

  • Added table of contents to Blogs:
    table_of_content.png
  • Added highlighting to the Tips section:
    tips_highlighting.png
  • Added a button to download all PCAP files at once as a ZIP archive:
    download_all_pcaps.png
  • Show graph edge & node labels in a card:
    graph_edge_card.png

🐞 Bug Fixes

  • Fixed the generation of rules for iOS to take init function into consideration.

Tags:

detection, objective-c

We do newsletters, too

Get the latest news, updates, and product innovations from Ostorlab right in your inbox.

Table of Contents