Objective-C instrumentation, detection of insecure data storage, Regex DoS, and multiple bug fixes.

This update significantly improves Objective-C instrumentation, adds new detection for insecure data storage and Regex DoS, and ships multiple bug fixes.

Mon 15 April 2024

📦 Detection & Knowledge Base

  • Improved dynamic instrumentation for Objective-C and persisted collected stack traces in the Analysis Dynamic section.
  • Added detection capabilities to identify insecure data storage practices in iOS applications. This includes identifying the use of potentially vulnerable storage mechanisms such as UserDefaults and UIPasteboard.
  • Added detection for Regular Expression Denial of Service (ReDoS) vulnerabilities. This new feature identifies sinks that use user input to create regular expressions, which can lead to potential ReDoS attacks.
  • Refined all KB recommendations to be actionable, so they now provide a step-by-step process to resolve vulnerabilities.

Frontend Enhancement

  • Added table of contents to Blogs.
  • Added highlighting to the Tips section.
  • Added a button to download all PCAP files at once as a ZIP archive.
  • Show graph edge & node labels in a card.

🐞 Bug Fixes

  • Fixed the generation of rules for iOS to take the init function into consideration.
