The application’s App Transport Security (ATS) configuration allows for insecure accessing of media content over HTTP connections. This means that images, video, and other media (AVFoundation) data may be accessed via HTTP, potentially leaking that data to others on the local network, or to other network devices the network traffic traverses (proxies, firewalls, load balancers, etc). Likelihood: LOW Confidence: HIGH CWE: - C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP: - A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures