The application was found to use NSCoding, which is not considered secure. When decoding serialized objects with NSCoding, it is not possible to determine what they are until after decoding. NSSecureCoding should be used in place of NSCoding, and secure serialization and deserialization should be used in all cases where such functionality is required.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures
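
The recommendation above, shown as an added Swift example (not code from the original page): a class that adopts NSSecureCoding, with the flagged decode call kept as a comment beside the class-checked call that replaces it. `SessionToken`, `loadToken` and the sample archives are hypothetical names and data constructed for illustration.

```swift
import Foundation

// Hypothetical model class, constructed for this example.
final class SessionToken: NSObject, NSSecureCoding {
    // Opts the class in to secure coding; archivers and unarchivers check this.
    static var supportsSecureCoding: Bool { return true }

    let user: String
    let expiry: Date

    init(user: String, expiry: Date) {
        self.user = user
        self.expiry = expiry
        super.init()
    }

    func encode(with coder: NSCoder) {
        coder.encode(user as NSString, forKey: "user")
        coder.encode(expiry as NSDate, forKey: "expiry")
    }

    required init?(coder: NSCoder) {
        // decodeObject(of:forKey:) verifies the archived class before the
        // object is created; decodeObject(forKey:) would not.
        guard let user = coder.decodeObject(of: NSString.self, forKey: "user"),
              let expiry = coder.decodeObject(of: NSDate.self, forKey: "expiry")
        else { return nil }
        self.user = user as String
        self.expiry = expiry as Date
        super.init()
    }
}

// Flagged pattern, kept as a comment: the type is only known from the cast,
// after the archive has already been decoded.
// let token = NSKeyedUnarchiver.unarchiveObject(with: data) as? SessionToken

// Hardened form: the expected class is stated before decoding starts.
func loadToken(from data: Data) -> SessionToken? {
    return try? NSKeyedUnarchiver.unarchivedObject(ofClass: SessionToken.self, from: data)
}

// Constructed sample input: one valid archive and one holding a different class.
let good = try NSKeyedArchiver.archivedData(
    withRootObject: SessionToken(user: "alice", expiry: Date()), requiringSecureCoding: true)
let other = try NSKeyedArchiver.archivedData(
    withRootObject: ["not", "a", "token"] as NSArray, requiringSecureCoding: true)

print(loadToken(from: good)?.user ?? "rejected")
print(loadToken(from: other)?.user ?? "rejected")
```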