Mobsf

Latest version: v3.9.7


3.9.7

- Features or Enhancements
- iOS Dynamic Analyzer with Corellium
- Dynamic Analysis refactoring for Android and iOS
- Exposed iOS Dynamic Analysis REST APIs
- Added more helper Frida Scripts for Android and iOS Dynamic Analyzer
- Frida support improvements: Injected Frida Code View, Injection, Spawn, Attach and Session
- Corellium Reverse SSH connection support
- Enhancements to ARC and Stack Canary Checks in Mach-O Parsing
- Frida RPC Hooks support
- Frida Script QA
- Runtime Executable Tampering Detection
- iOS Dynamic Analysis REST API Docs
- Global Datatables Export as PDF, CSV, XLS, Copy and Print
- Corellium custom host domain support
- Huge improvements in Static Analysis report generation page rendering for APKs/IPAs with large amounts of data by JPSxzy8
- Scan independent library file (.so, .dylib, Framework dylib) from APK/IPA Static Analysis Report
- Library analysis refactored relative path helper for Django template.
- Re-introduced RELRO checks for Android, added Dart binary check to avoid Flutter false positives.
- Improved stripped debug symbol check for ELF and MachO using native OS tools such as nm and objdump when available.
- Merge iOS Framework and Dylib Analysis.
- SAST Performance improvements
- Android API Analysis rule QA
- Apksigner.jar fallback for signature parsing
- Simplify MobSF `scan` REST API
- Support for analysis of iOS Frameworks
- Android SVG icon parsing improvements
- Icon analysis refactor and support jpeg and webp icons
- Github action QA
- iOS: merge findings from Swift and Objective-C rules with the same rule identifier. Fixes 2287
- iOS Binary analysis, sort regex matches. Fixes 2252
- Framework dylibs with no extensions to skip PIE checks. Fixes 2307
- Select correct network_security config. Fixes 2049
- Android Manifest Analysis added support for detecting task hijacking (StrandHogg 1.0 and StrandHogg 2.0). Fixes 2124
- Added new manifest analysis rule to warn on apps targeting older Android OS
- Updated severity of findings
- UI improvement for AppSec dashboard to show a loader
- UI changes in Static Analysis to collapse large numbers of files in API and Code Analysis for better use of screen real estate
- Improved certificate file analysis for android, jar, aar, and iOS
- AppLink asset json check multithreading performance improvements
- Code QA and ruleset improvements with ChatGPT
- Fixes 2324, a bug in parsing DSA Public Key parameters for fingerprint calculation.
- AssetLink check QA
- Remove Androguard dependency use only features required by MobSF

- Security
- Arbitrary file writes on Windows with apktool fixed
- Fixed an LFI reported by 0x33c0unt
- Fixed SSRF in AppLinks and Firebase database checks

What's Changed
* Performance Improvements on SAST by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2251
* add apksigner.jar for reading signatures by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2254
* [HOTFIX] add jar by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2255
* Bump Frida to address crash on M1 Mac by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2258
* Simplify Scan API by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2259
* [HOTFIX] iOS Framework Analysis + Multiple Feature QA by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2260
* [HOTFIX] Support webp for icon by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2267
* fixed that the icon cannot be found by ohyeah521 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2265
* [HOTFIX] Allow jpeg icons by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2268
* Fix jadx and apktool failure due to JDK changes by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2269
* [HOTFIX][EFR] Priority Bug Fixes by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2275
* update apktool to 2.9.0 by superpoussin22 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2278
* Build(deps): Bump django from 4.1.12 to 4.1.13 by dependabot in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2282
* iOS Dynamic Analysis with Corellium by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2194
* Dynamic Analysis Improvements Android & iOS by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2295
* Dec 2023 QA by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2297
* [HOTFIX] More Android & iOS Frida Scripts by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2299
* [HOTFIX] Android script loading, frida injected code view, paramiko SSH issues by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2300
* Enhancements to ARC and Stack Canary Checks in Mach-O Parsing by cpuu in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2284
* [HOTFIX] RPC hook suggestions + Bug Fix by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2301
* update apktool to 2.9.1 by superpoussin22 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2304
* [EFR] QA Request by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2306
* Bug Fixes + Improvements by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2307
* ChatGPT Permission Mapping + Improved Description by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2308
* Windows Python tempfile permission error fix by ohyeah521 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2309
* Multiple Features Improved or Added by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2310
* Malware Permission Check for Android by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2313
* [HOTFIX] Bug Fix and QA by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2315
* Using multithreading to improve code efficiency by ohyeah521 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2319
* GPT Goodness by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2318
* Update SECURITY.md by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2323
* [HOTFIX][SECURITY] Fix an LFI, DSA Pub Key parsing bug and dependencies by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2326
* Filter out invalid links by ohyeah521 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2322
* [SECURITY] Fix Arbitrary file writes on Windows by superpoussin22 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2328
* Runtime Exec Tampering Detection, iOS Dynamic REST APIs, Datatables Export by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2339
* MOBSF_CORELLIUM_API_DOMAIN Update by HackJJ in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2347
* poetry pyqt5 fixes by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2362
* Remove Androguard dependency use only features required by MobSF by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2363
* Optimize rendering of big lists by JPSxzy8 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2351
* Update SECURITY.md by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2364
* Update SECURITY.md by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2365
* Resolve the situation where the function name is bytes by ohyeah521 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2367

New Contributors
* cpuu made their first contribution in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2284
* HackJJ made their first contribution in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2347
* JPSxzy8 made their first contribution in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2351

**Full Changelog**: https://github.com/MobSF/Mobile-Security-Framework-MobSF/compare/v3.7.6...v3.9.7

3.7.6

Not secure
- Features or Enhancements
- Docker base image update to Ubuntu 22.04
- Dockerfile QA
- Migrated from Pip to Poetry for dependency management
- Migrate from setup.py to use poetry for build and publish
- Python 3.11 support
- Docker ADB connection improvements (host.docker.internal translation for localhost)
- iOS Swift rules updates: `ios_biometric_bool`, `ios_biometric_acl`, `ios_keychain_weak_acl_device_passcode`, `ios_keychain_weak_accessibility_value`, `ios_insecure_random_no_generator`, `ios_biometry_hardened`
- Android SCA rules update
- Entropies scan support for strings
- Regex Hardening: Fixes possible Regex DoS in rules and MobSF code base
- Tox QA
- Added poetry build test
- Updated mobsf PyPI publishing workflow
- Update local DBs
- URLs/Email extraction refactor
- Static and Dynamic Binary Analysis QA
- Refactor Dex permissions
- Refactor Androguard `apk.APK()` usage
- Fallback certificate analysis using apksigtool
- Use BeautifulSoup4 to prettify malformed XML
- Detect non standard XML namespace in AndroidManifest.xml, Fixes : 2198
- Updated android permissions list
- Updated android permission update check script
- Github Actions version update
- Apktool bump
- Bump httptools
- Bump yara-python-dex
- Docker image build test for PRs
- iOS Source Report Fix
- Removed unwanted pinned repository
- Frida APK Patcher (WIP)
- Fix for Recent Scans `scan not completed` for iOS zip
- Fix for MachO stripped symbols false positive
- Fix bug in IPA download
- iOS/Android form validation fix
- Fix missing exported components
- Enterprise Feature Request
- String extraction from APK, Source, AAR, JAR, SO.
- Android strings sections to show source of strings extracted
- Strings extraction refactor
- Support for independent `.so` scan
- Dylib analysis support
- Dylib string extraction
- Improved iOS Plist secret extraction
- Support for Independent `.dylib` scan
- Symbols view for dylib and so
- Trackers support for so
- AAR/JAR obfuscation and debug check
- Independent Static Library(.a) ELF/MachO Analysis
- Mac FAT binary only supported on Mac

What's Changed
* Update dynamic_analysis.html by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2218
* Hotfix: Handle Docker <-> ADB connectivity internally by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2219
* update apktool to 2.8.1 by superpoussin22 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2220
* update apktool by superpoussin22 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2225
* HOTFIX: Dynamic Analyzer Support Alert by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2227
* [HOTFIX] Regex + Rule Update by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2232
* [EFR06] Independent Shared Object (.so) Scan and Improved String search by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2228
* Update macho_analysis.py - SYMBOLS STRIPPED False Negative by Karmaz95 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2234
* [EFR-08] Dylib + Symbols + Other Features by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2239
* Fix missing exported components by Abb4d0n in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2176
* [EFR09] AAR/JAR obfuscation and debug check + Exception Handed strings and symbols extraction by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2240
* [EFR10] Independent Static Library(.a) ELF/MachO Analysis by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2242
* Pip to poetry and Dockerfile update by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2244
* Docker Buildx test by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2247
* [HOTFIX] bs4 malformed xml parsing + xml namespace detection by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2248
* [HOTFIX] Migrate from setup.py to poetry, tox QA by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2249

New Contributors
* Karmaz95 made their first contribution in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2234
* Abb4d0n made their first contribution in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2176

**Full Changelog**: https://github.com/MobSF/Mobile-Security-Framework-MobSF/compare/v3.6.9...v3.7.6

3.6.9

Not secure
- Features or Enhancements
- New Simplified and Updated Documentation https://mobsf.github.io/docs/#/
- MobSF Dynamic Analysis support for Docker image
- Updated Documentation to include support for Corellium ARM64 Android VMs
- Add support for environment variables to configure MobSF
- Android SCA extract icon from SVG
- OFAC Sanctioned Country Check
- Improved Android Certificate Analysis
- Updated Android Manifest Analysis Rules
- Enterprise Feature Request
- Summary of Findings under each section
- Support for independent scanning of AAR and JAR files.

What's Changed
* Adding numeric_owner as a keyword argument by TrellixVulnTeam in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2050
* Scheduled weekly dependency update for week 41 by pyup-bot in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2046
* HOTFIX: UI changes and warning on mobsf.live by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2051
* Split certificate analysis out, suppression list fixes by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2052
* hotfix for quark rules location by superpoussin22 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2053
* HOTFIX: jadx update to 1.4.5 by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2064
* Installation script error: Solving spelling error by th3-d4v1d-c0de in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2067
* Android APK support extracting icon SVG from XML by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2060
* HOTFIX: Setup improvement by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2078
* Apktool 2.7.0 update by superpoussin22 in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2082
* New Android Manifest Rule: App support vulnerable android versions by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2114
* Fix for filenames containing ampersand by evmxattr in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2129
* HOTFIX - Fix broken docker builds by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2135
* Fix Scorecard Severity Distribution chart data by antoinbo in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2140
* HOTIX: Update Dockerfile to install jq by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2149
* [HOTFIX] Add support for environment variable for MobSF config by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2150
* HOTFIX: Android min SDK check on janus vulnerability detection by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2159
* [Enterprise Feature Request EFR02] Support summary of severity in each section. by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2160
* [EFR05] Enterprise Feature Request: AAR and JAR support by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2163
* Scheduled weekly dependency update for week 24 by pyup-bot in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2187
* Feature updates and Bug Fixes by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2197
* HOTFIX: MobSF Android Dynamic Analysis Docker Support by ajinabraham in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2214

New Contributors
* th3-d4v1d-c0de made their first contribution in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2067
* evmxattr made their first contribution in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2129
* antoinbo made their first contribution in https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2140

**Full Changelog**: https://github.com/MobSF/Mobile-Security-Framework-MobSF/compare/v3.6.0...v3.6.9

3.6.0

Not secure
- Features or Enhancements
- False Positive Triaging / Suppression Triaging Support for critical Android and iOS Security Analysis features.
- Android Binary & Source - Supports Code Analysis and Manifest Analysis
- iOS Binary - Supports Binary Code Analysis
- iOS Source - Supports Code Analysis
- New REST APIs for Suppression Support
- Android Certificate Analysis improvements
- Remove RELRO check from android binary analysis due to false positives
- iOS Bundle ID extraction improvements
- Feature parity - Allow IPA downloads from reports view
- Code QA: Reduce False positives in identified secrets
- Check for updates from Github releases
- M1 Mac support
- Disabled by default feature to support hotspots in AppSec Scorecard
- Dependency updates
- Added CodeQL scan on MobSF python code base

- Bug Fixes
- Fixes 1999, 1917, 2042, 1981, 2014, 2043
- Fixed a bug in JSON response REST API
- iOS URL view fix
- Code fixes to address minor security issues in third-party libraries.
- Handle JADX timeouts

3.5.0

Not secure
- Features or Enhancements
- MobSF Application Security Scorecard for scoring mobile application security
- Scorecard REST API
- Published Static Analyzer online [mobsf.live](https://mobsf.live) (Thanks to Jovan Petrovic for sponsoring the server)
- Improved App Security Scoring Logic
- Improved PDF Report, Reduce generation times.
- Disable CVSSv2 by default.
- Non blocking file upload from home screen.
- Android and iOS SAST rule QA
- Manifest, Certificate, Transport Security and Network Security rule QA
- Common severity levels High, Warning, Info and Secure.


- Bug Fixes
- Fixes 1885
- Replaced PWD with dedicated server
