The application was found to use nscoding, which is not considered secure. When decoding serialized objects, it is not possible to determine what they are, until post-decoding. NSSecureCoding should be used in place of nscoding, and secure serialization and deserialization should be used in all cases where such functionality is required. Likelihood: LOW Confidence: HIGH CWE: - CWE-502: Deserialization of Untrusted Data
OWASP: - A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures