Bug #22303: [External Audit Findings][iOS] Weak SSL Pinning - VELO Production Issue - S-MADP Customer Support & Information Center

Bug #22303

[External Audit Findings][iOS] Weak SSL Pinning

Added by yap chekying about 13 hours ago. Updated about 13 hours ago.

Status:

Assigned

Start date:

29 July 2025

Priority:

Immediate

Due date:

Assignee:

yap chekying

% Done:

100%

Category:

Spent time:

Target version:

Description

Issue:
During testing on iOS apps, the tester found that the app does not implement SSL Pinning. Without SSL Pinning, attackers can intercept and modify data transmitted between the app and server using invalid certificates, increasing the risk of data tampering.

Recommendation from pentester:
Developers should implement SSL Pinning.

Please refer to attached excel for details.

Copy of Audit Findings - Silver lake - ver2.xlsx (5.15 MB) yap chekying, 29 July 2025 10:09 AM

History

#1 Updated by He Xi Yeo about 13 hours ago

Status changed from New to Assigned
Assignee changed from He Xi Yeo to yap chekying
% Done changed from 0 to 100

Added SSL Pinning, which compare server hashed public key compared to app's hashed public key.

Also available in: Atom PDF

OCBC NISP Velocity Mobile » VELO Production Issue

Issues

Custom queries

Bug #22303

[External Audit Findings][iOS] Weak SSL Pinning

History

#1 Updated by He Xi Yeo about 13 hours ago