Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent MITM attacks on the internal URLSession that connects with api-apple-cloudkit.com #4

Open
edorphy opened this issue Dec 26, 2021 · 1 comment
Open

Prevent MITM attacks on the internal URLSession that connects with api-apple-cloudkit.com #4

edorphy opened this issue Dec 26, 2021 · 1 comment
Assignees
@edorphy
Labels
enhancement New feature or request help wanted Extra attention is needed security An issue with security implications

Comments

@edorphy
Copy link
Owner

edorphy commented Dec 26, 2021

The CKWSContainer's URLSession should have some protection to prevent MITM attacks. Investigate which approach should be taken (identity pinning, Apple CA cert pinning, etc.).
@edorphy edorphy added enhancement New feature or request security An issue with security implications help wanted Extra attention is needed labels Dec 26, 2021
@edorphy edorphy self-assigned this Jan 11, 2022
@edorphy
Copy link
Owner Author

edorphy commented Jan 11, 2022

I exposed the internal URLSession being used to make network calls. Usage of this library can implement the challenge delegate callback as one example to prevent MITM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@edorphy edorphy

Labels
enhancement New feature or request help wanted Extra attention is needed security An issue with security implications
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@edorphy