Keyedarchiver
Swift keyedarchiver
swift-keyedarchiver
swift-keyedarchiver
The application was found to use NSKeyedArchiver
without utilizing requiringSecureCoding
, which is not considered secure. This can allow for deserialization vulnerabilities, and the application should always ensure requiringSecureCoding
is set to true.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures