Security Vulnerabilities in Javascript Hotpatching in iOS with a Commercial and Open-Source Tool

The need for developers to be able to update mobile apps immediately on discovery of a critical is something the Apple iOS software patching system does not allow through their traditional app patching lifecycle. Two tools have been developed to solve this problem, one commercial and one opensource. Both employ JavaScript and dynamic code downloads and provide a method for users to receive immediate updates, but both have the potential to be abused and open the user to multiple security vulnerabilities. This paper will discuss the how tools JSPatch and Rollout.io, open-source and commercial respectively, enable quick updates but also expose users to multiple security vulnerabilities.

Published in: International Conference on Information Society (i-Society 2017)

Date of Conference: 17-19 July 2017
DOI: 10.2053/iSociety.2017.0017
ISBN: 978-1-908320-80-3
Conference Location: Dublin, Ireland

About Us

From Art to Science and Climate Change to World Peace, we embrace technological advancement, innovative Ideas, encourages research collaboration and training worldwide. The Society also questions the boundary issues between societal and technological dimensions of knowledge evolution, which lead to the concept of Infonomics. As part of our continuous improvement, we develop innovative ideas that combine traditional techniques with advanced technologies to create something very different.

Quick Links

Write Us

If you have a general enquiry,
please contact us.

Address
37th Floor
1 Canada Square
Canary Wharf
London, E14 5AA
United Kingdom

Security Vulnerabilities in Javascript Hotpatching in iOS with a Commercial and Open-Source Tool

Abstract

About Us

Quick Links

Write Us

Follow Us On: