SYM_SWIFT_0003 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Least Privilege Violation
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-272: Least Privilege Violation |
Confidence Level | High |
Impact Level | Low |
Likelihood Level | Low |
Description
The code configures a WKWebView to allow JavaScript to open new windows automatically. This increases the risk of unwanted or malicious pop-ups and reduces the security of the webview.
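The flagged setting next to a hardened configuration, as an added example that is not code from the rule or from the Symbiotic database. The function names, the `PopupBlockingDelegate` class and its `allowedHosts` parameter are hypothetical; the WebKit calls used are `WKPreferences.javaScriptCanOpenWindowsAutomatically` and the `WKUIDelegate` window-creation callback.

```swift
import WebKit

// Flagged pattern: page script may open new windows without a user gesture.
func makePermissiveWebView() -> WKWebView {
    let config = WKWebViewConfiguration()
    config.preferences.javaScriptCanOpenWindowsAutomatically = true
    return WKWebView(frame: .zero, configuration: config)
}

// Hypothetical delegate: never creates a second web view. A link the user
// activated that points at an allowed HTTPS host is loaded in the existing
// view instead; every other new-window request is dropped.
final class PopupBlockingDelegate: NSObject, WKUIDelegate {
    private let allowedHosts: Set<String>

    init(allowedHosts: Set<String>) {
        self.allowedHosts = allowedHosts
    }

    func webView(_ webView: WKWebView,
                 createWebViewWith configuration: WKWebViewConfiguration,
                 for navigationAction: WKNavigationAction,
                 windowFeatures: WKWindowFeatures) -> WKWebView? {
        if navigationAction.navigationType == .linkActivated,
           let url = navigationAction.request.url,
           url.scheme == "https",
           let host = url.host,
           allowedHosts.contains(host) {
            webView.load(navigationAction.request)
        }
        return nil // returning nil cancels creation of the new window
    }
}

// Hardened pattern: the preference is set explicitly instead of relying on
// the platform default, and the delegate enforces the same policy.
func makeHardenedWebView(uiDelegate: WKUIDelegate) -> WKWebView {
    let config = WKWebViewConfiguration()
    config.preferences.javaScriptCanOpenWindowsAutomatically = false
    let webView = WKWebView(frame: .zero, configuration: config)
    webView.uiDelegate = uiDelegate // weak reference: the caller must retain the delegate
    return webView
}
```

Because `uiDelegate` is held weakly, keep the `PopupBlockingDelegate` instance alive for as long as the web view exists, for example as a property of the owning view controller.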
Impact
If exploited, attackers could use JavaScript to open additional browser windows or tabs without user consent, potentially leading to phishing attempts, information leaks, or a degraded user experience. This weakens the app's security posture and could expose users to malicious content.