The iOS Mozilla VPN app was checked for property settings which weaken the security
of the application. It was discovered that NSAllowsArbitraryLoads is set. This means it
disables the default App Transport Security restrictions and permits the app to utilize
plain-text HTTP requests.
Affected File: Info.plist
Affected Code:
As neither the source code nor the runtime assessment indicated that the iOS app
actually requires plain-text HTTP, it should be taken into consideration to remove this
property. This would ensure that the default ATS restrictions are enforced.
The iOS Mozilla VPN app was checked for property settings which weaken the security
of the application. It was discovered that NSAllowsArbitraryLoads is set. This means it
disables the default App Transport Security restrictions and permits the app to utilize
plain-text HTTP requests.
Affected File:
Info.plistAffected Code:
As neither the source code nor the runtime assessment indicated that the iOS app
actually requires plain-text HTTP, it should be taken into consideration to remove this
property. This would ensure that the default ATS restrictions are enforced.
┆Issue is synchronized with this Jira Task
The text was updated successfully, but these errors were encountered: