Bug #22303

[External Audit Findings][iOS] Weak SSL Pinning

Added by yap chekying 2 months ago. Updated about 1 month ago.

Status:ClosedStart date:29 July 2025
Priority:NormalDue date:
Assignee:yap chekying% Done:

100%

Category:-Spent time:-
Target version:-

Description

Issue:
During testing on iOS apps, the tester found that the app does not implement SSL Pinning. Without SSL Pinning, attackers can intercept and modify data transmitted between the app and server using invalid certificates, increasing the risk of data tampering.

Recommendation from pentester:
Developers should implement SSL Pinning.

Please refer to attached excel for details.

Copy of Audit Findings - Silver lake - ver2.xlsx (5.15 MB) yap chekying, 29 July 2025 10:09 AM

RE OCBC Business Mobile app Audit Findings - July 2025.msg (364 KB) yap chekying, 06 August 2025 11:06 AM

History

#1 Updated by He Xi Yeo 2 months ago

  • Status changed from New to Assigned
  • Assignee changed from He Xi Yeo to yap chekying
  • % Done changed from 0 to 100

Added SSL Pinning, which compare server hashed public key compared to app's hashed public key.

#2 Updated by yap chekying about 2 months ago

#3 Updated by yap chekying about 2 months ago

  • Priority changed from Immediate to Normal

#4 Updated by yap chekying about 2 months ago

  • Status changed from Pending UAT to Pending PROD

#5 Updated by yap chekying about 1 month ago

  • Status changed from Pending PROD to Closed

Released to production

Also available in: Atom PDF