This update introduces new detection capabilities, new data & privacy controls, improved user experience across the platform, and bug fixes.

🛡️ Detection

• CocoaPods Supply Chain Vulnerability: We added detection for critical vulnerabilities in CocoaPods. One Key Vulnerability is CVE-2024-38368. This vulnerability allowed attackers to claim unclaimed CocoaPods packages and insert malicious code. The potential for widespread damage was immense, affecting both individual developers and large organizations relying on CocoaPods for dependency management. We go over this vulnerability in-depth in our recent article.
• CVE_2024_2194: We added detection for the WP Statistics plugin for WordPress, which is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5.
• Insecure Crypto Mode: A fix was made to improve the rules used to detect Insecure Crypto Mode.

🤝 Compliance

• California Consumer Privacy Act Controls: New support for the California Consumer Privacy Act (CCPA), a comprehensive data privacy law that grants California residents new rights regarding their personal information. To check your app's compliance with the CCPA, click on a scan, scroll down, and then click on the 'Standards' tab.

  

• Secure Privacy Findings: Added support for reporting privacy issues, such as insecure collection of users' crash logs without consent, improper usage of contacts data, undeclared collection of users' health information, etc.

🙂 UX

• Search History: The search history is now kept in the search bar every time you navigate between pages, or forward/backward on the same page.

  

🕸️ Attack Surface

• Bulk Actions: We added support to run bulk actions (automation rules) directly from the Attack Surface.