Detection of CocoaPods Supply Chain Vulnerability, CCPA, SOC2 and more
This update introduces new detection capabilities, new data & privacy controls, improved user experience across the platform, and bug fixes.
Mon 08 July 2024
CocoaPods Supply Chain Fire: What Should You Know
E.V.A Information Security uncovered critical vulnerabilities in CocoaPods, leading to immediate ...
Wed 03 July 2024
Bug Fixes, Detection, and Attack Surface Improvements
This update introduces bug fixes, detection improvements, and attack surface enhancements to prov...
Mon 01 July 2024
iOS TestFlight scan, Slack Integrations and other improvements
This update introduces support for scanning apps using iOS TestFlight, Slack Integrations, suppor...
Mon 10 June 2024
Integrations, Dynamic analysis improvements, and a new standard support
This update introduces multiple new integrations with CI/CD pipelines, improvements to dynamic traces interception & analysis, support for the MASVS v2.0.0 standard, and many bug fixes.
Discovery of hidden web paths, detection of libwebp vulnerability, and new CVE detections.
This update adds the discovery of hidden web paths, detection of libwebp vulnerability, and new CVE detections.
Latest posts
🚀 OXO v1.0!
OXO version 1.0, is 10x times faster, supports ARM64 architectures, and is packed with improved capabilities like scanning multiple assets, simpler and powerful CLI.
Mon 29 April 2024
Better UI, more concise scan report, improved detection of insecure webview usage, and multiple bug fixes.
This update improves the user interface of the platform, adds new detection for Webview-related vulnerabilities, and ships multiple bug fixes.
Tue 23 April 2024
Apple Privacy: A Comprehensive Guide to Privacy Manifest Files
This article offers a guide to Privacy Manifest files in Apple's ecosystem, stressing their importance for transparency and compliance, especially with the upcoming 2024 mandate, outlining steps for implementation, and underscoring their role in promoting user trust and adherence to regulations.
Thu 18 April 2024
Objective C instrumentation, detection of insecure data storage, Regex DoS, and multiple bug fixes.
This update significantly improves objective-C instrumentation, adds new detection for insecure data storage and Regex DoS, and ships multiple bug fixes.
Mon 15 April 2024
Enhancing PostMessage XSS Detection with Proxy Object Instrumentation
The article introduces a new method for detecting PostMessage Cross-Site Scripting (XSS) vulnerabilities using JavaScript Proxy objects, which enhances traditional dynamic fuzzing techniques.
Thu 04 April 2024
Ostorlab KEV update for 02 April 2024
New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog
Tue 02 April 2024
Detection of Apple's Privacy Manifest, liblzma backdoor, and Attack Surface fixes.
This update introduces fixes for the Attack Surface, detection for the liblzma backdoor, and a public store for agents.
Mon 01 April 2024
Discovering & Monitoring Mobile Applications Attack Surface with Ostorlab
The article introduces Ostorlab Attack Surface Discovery as a solution for discovering and continuously monitoring mobile applications, alleviating the manual burden on security teams. It outlines steps for adding applications to an inventory, configuring monitoring rules, and emphasizes the platform's ability to streamline mobile application security management.
Tue 26 March 2024
Changelog
View all changesMobile Benchmarking, Monkey Tester Reliability, and Deeper Web Crawling
Tue 23 September 2025