Hello Flutter Community,
Our team recently conducted a security audit on our Flutter app, which runs on web, iOS, and Android platforms. The audit report highlighted some high-priority vulnerabilities related to the use of potentially insecure functions on iOS:
- _fopen
- _printf
- _memcopy
- _sscanf
- _malloc
We do not directly use these functions in our codebase. However, they were detected when scanning our compiled iOS binary, and seem to originate from dependencies such as Firebase, the Flutter framework, various libswift***.dylib files, and other Flutter plugins we utilize for specific features.
We are reaching out to the community to:
- Ask if anyone has encountered similar findings during security audits.
- Learn how others have addressed or mitigated these reported vulnerabilities.
- Gather best practices for handling such references originating from third-party libraries or the Flutter framework.
We are committed to ensuring the security of our app and would greatly appreciate any insights or advice from those who have faced similar challenges.
Apologies if I'm breaking some rule in the guidelines that I overlooked.
Thank you!
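The names listed above are C standard library imports, so a symbol-table scan of the iOS binary reports that some Mach-O in the bundle links against them, not that any particular code calls them unsafely. The first triage step is therefore to find out which binary in the .app bundle (the Runner executable, an embedded framework, a dylib) actually imports each flagged symbol, so that each finding can be attributed to the app's own code or to a specific dependency. The script below is an added example for this thread, not code from the original post, Flutter, Firebase or any audit tool. It assumes a macOS host with the Xcode command-line `nm` and an unpacked .app directory (for example extracted from an .ipa); the `FLAGGED` list is the symbol list from the post, and the `demo()` input is constructed `nm -u` output, not real scan data.

```python
"""Attribute 'insecure API' symbol findings to the Mach-O files that import them.

Added example for this thread (not Flutter/Firebase/audit-tool code).
Assumes macOS with `nm` from the Xcode command-line tools and an unpacked
.app bundle. Usage:  python attribute_symbols.py Payload/Runner.app
"""
import os
import subprocess
import sys

# Symbol names exactly as listed in the audit report quoted in the post.
FLAGGED = ["_fopen", "_printf", "_memcopy", "_sscanf", "_malloc"]

# Mach-O magic numbers (32/64-bit, both byte orders) plus the fat/universal header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}


def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False


def find_machos(app_dir):
    """Yield every Mach-O under the bundle: main executable, Frameworks, plugins."""
    for root, _, files in os.walk(app_dir):
        for name in files:
            path = os.path.join(root, name)
            if not os.path.islink(path) and is_macho(path):
                yield path


def parse_nm_undefined(text):
    """Parse `nm -u` output into the set of undefined (i.e. imported) symbols.

    Accepts bare-name lines and '   U _name' lines, and skips the
    'file (for architecture arm64):' headers that nm prints for fat binaries.
    """
    symbols = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.endswith(":"):
            continue
        symbols.add(line.split()[-1])
    return symbols


def undefined_symbols(macho_path):
    """Run `nm -u` on one Mach-O and return its imported symbol names."""
    proc = subprocess.run(["nm", "-u", macho_path],
                          capture_output=True, text=True, check=False)
    return parse_nm_undefined(proc.stdout)


def attribute(flagged, imports_by_binary):
    """Map each flagged symbol to the sorted list of binaries importing it.

    A symbol that no binary imports maps to [], which means the report's
    symbol name does not match anything actually linked into the bundle.
    """
    result = {sym: [] for sym in flagged}
    for binary in sorted(imports_by_binary):
        for sym in flagged:
            if sym in imports_by_binary[binary]:
                result[sym].append(binary)
    return result


def scan_bundle(app_dir):
    """Attribute FLAGGED symbols across every Mach-O found under app_dir."""
    imports = {os.path.relpath(p, app_dir): undefined_symbols(p)
               for p in find_machos(app_dir)}
    return attribute(FLAGGED, imports)


def demo():
    """Offline run on constructed nm output (not real scan data)."""
    sample = {
        "Runner": "Runner (for architecture arm64):\n"
                  "                 U _fopen\n"
                  "                 U _objc_msgSend\n",
        "Frameworks/Example.framework/Example": "_malloc\n_printf\n_fopen\n",
    }
    return attribute(FLAGGED, {k: parse_nm_undefined(v) for k, v in sample.items()})


if __name__ == "__main__":
    findings = scan_bundle(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for sym, owners in findings.items():
        print(f"{sym}: {', '.join(owners) if owners else 'not imported by any binary'}")
```

Once a symbol is attributed to a specific framework or dylib, the finding can be raised with that dependency's maintainers or documented as accepted (linking libc is expected for every native binary), while symbols attributed to the Runner executable point at code the team can review directly. The "not imported by any binary" case is worth keeping: it flags a report entry whose name does not correspond to anything actually linked.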