Bug #22303

[External Audit Findings][iOS] Weak SSL Pinning

Added by yap chekying 21 days ago. Updated 11 days ago.

Status: Pending PROD
Start date: 29 July 2025
Priority: Normal
Due date:
Assignee: yap chekying
% Done: 100%
Category: -
Spent time: -
Target version: -

Description

Issue:
During testing on iOS apps, the tester found that the app does not implement SSL Pinning. Without SSL Pinning, attackers can intercept and modify data transmitted between the app and server using invalid certificates, increasing the risk of data tampering.

Recommendation from pentester:
Developers should implement SSL Pinning.

Please refer to attached excel for details.

Copy of Audit Findings - Silver lake - ver2.xlsx (5.15 MB) yap chekying, 29 July 2025 10:09 AM

RE OCBC Business Mobile app Audit Findings - July 2025.msg (364 KB) yap chekying, 06 August 2025 11:06 AM

History

#1 Updated by He Xi Yeo 21 days ago

  • Status changed from New to Assigned
  • Assignee changed from He Xi Yeo to yap chekying
  • % Done changed from 0 to 100

Added SSL Pinning, which compares the server's hashed public key to the app's hashed public key.
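
The public-key hash comparison described in this update could look like the following on iOS. This is an added example, not the project's own code: `PinningDelegate`, `pinnedKeyHashes` and the placeholder pin value are assumptions, and the hash is taken over the key bytes returned by `SecKeyCopyExternalRepresentation` (iOS 15+ for `SecTrustCopyCertificateChain`).

```swift
import Foundation
import CryptoKit
import Security

// Assumption: base64 SHA-256 hashes of the server public key bytes, bundled with the app.
// The value below is a placeholder, not a real pin.
let pinnedKeyHashes: Set<String> = ["REPLACE_WITH_BASE64_SHA256_OF_SERVER_PUBLIC_KEY"]

final class PinningDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        // Only server-trust challenges are pinned; anything else gets default handling.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Step 1: normal chain validation must still pass (expiry, hostname, trusted root).
        // Step 2: extract the leaf certificate's public key bytes.
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first,
              let key = SecCertificateCopyKey(leaf),
              let keyData = SecKeyCopyExternalRepresentation(key, nil) as Data? else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Step 3: hash the server key and compare it with the hashes shipped in the app.
        let serverHash = Data(SHA256.hash(data: keyData)).base64EncodedString()
        if pinnedKeyHashes.contains(serverHash) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Valid chain but unknown key: fail closed instead of falling back.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// Usage: URLSession(configuration: .default, delegate: PinningDelegate(), delegateQueue: nil)
```

Ship at least one backup pin for the next server key so that a key rotation does not lock out installed app versions.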

#2 Updated by yap chekying 13 days ago

#3 Updated by yap chekying 13 days ago

  • Priority changed from Immediate to Normal

#4 Updated by yap chekying 11 days ago

  • Status changed from Pending UAT to Pending PROD
