You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
checksec.rs seems to be the only checksec tool that also checks Mach-O files. I stumbled upon this tool due to this check. However, the stack canaries check looks up symbols related to Objective-C code, which is also suggested in guides such as the Mobile Security Testing Guide. According to what I read on the Internet, Swift code has a per default built-in stack protection. For Swift libraries, the stack canary is shown to be disabled. It is misleading, but I don't know how to implement a better check. Maybe the tool could call them ObjC Stack canaries to be a bit more specific. Maybe the tool could add a heuristic check, if the library is Swift-based, Objective-C-based or mixed. Maybe it is more clear than.
The text was updated successfully, but these errors were encountered:
checksec.rs seems to be the only checksec tool that also checks Mach-O files. I stumbled upon this tool due to this check. However, the stack canaries check looks up symbols related to Objective-C code, which is also suggested in guides such as the Mobile Security Testing Guide. According to what I read on the Internet, Swift code has a per default built-in stack protection. For Swift libraries, the stack canary is shown to be disabled. It is misleading, but I don't know how to implement a better check. Maybe the tool could call them ObjC Stack canaries to be a bit more specific. Maybe the tool could add a heuristic check, if the library is Swift-based, Objective-C-based or mixed. Maybe it is more clear than.
The text was updated successfully, but these errors were encountered: