CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
      • Biometrics-and-auth
        • Acl-changes
        • Keychain-always-accessible
        • Keychain-sync
          • Keychain device sync
        • Local-biometrics
        • Missing-user-auth
        • No-verify
        • Pass-fallback
      • Commoncrypto
      • Cryptoswift
      • Insecure-communication
      • Lang
      • Pathtraversal
      • Sql
      • Sqllite
      • Webview
      • Webview
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Keychain-sync

Keychain device sync

keychain-device-sync

The application was observed to store keychain items with the synchronization type kSecAttrSynchronizableAny meaning that the data will be synced to all of the users other authenticated iOS, iPadOS, and MacOS devices. Unless necessary, the application should avoid over-distribution of sensitive data, as this increases the attack surface for which an attacker may gain access to the data.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 2
- 7
- 2
- :
-

- L
- e
- a
- s
- t
-

- P
- r
- i
- v
- i
- l
- e
- g
- e
-

- V
- i
- o
- l
- a
- t
- i
- o
- n
Keychain accessible alwaysInsecure biometrics
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.