Xamarin
A Microsoft open-source app platform for building Android and iOS apps with .NET and C#.
5,377 questions
How to fix MobSF - iOS Vulnerabilities (Xamarin Forms)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 81%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENC%3C/text%3E%3C/svg%3E)
Nikhil Chaudhary
0
Reputation points
How can I address below iOS vulnerabilities (Xamarin Forms) which is reported by MobSF tool?
- Binary makes use of insecure API(s) --> The binary may contain the following insecure API(s) _sscanf , _chmod , _strcat, _strcpy , _printf , _strncpy , _vsnprintf , _vsprintf, _memcpy , _strlen , _sprintf ,_fopen , _stat.
- Binary makes use of the insecure Random function(s) --> The binary may use the following insecure Random function(s) _random.
- Binary makes use of malloc function --> The binary may use _malloc function instead of calloc.
App is developed by using Xamarin Forms. For resolving the above vulnerabilities, I tried searching these functions in my application but I was not able to find. Even I am not using any random functions as well. In this link it is said it's false positive: https://github.com/xamarin/xamarin-macios/issues/12612 I tried below steps to resolve this:
- Searched my solution if we are using any Random function but we're not using it.
- Even not using insecure calls to API.
- Not using any malloc functions as well.
- Used Re-sharper to decompile the DLLs and searched their as well.
Sign in to answer