I have created a Flutter iOS project (empty, with the default page), prepared the IPA, then submitted it to MobSF static analysis.
Without adding anything to it, I get 2 high severity issues.
1. Binary makes use of insecure API(s)
   CWE: CWE-676: Use of Potentially Dangerous Function
   OWASP Top 10: M7: Client Code Quality
   OWASP MASVS: MSTG-CODE-8
   binary may contain the following insecure API(s) _printf, _fopen, _memcpy, _sscanf
2. Binary makes use of malloc function
   CWE: CWE-789: Uncontrolled Memory Allocation
   OWASP Top 10: M7: Client Code Quality
   OWASP MASVS: MSTG-CODE-8
   The binary may use _malloc function instead of calloc
So, I am not sure if this is a Flutter issue, a MobSF issue, or some misconfiguration on the iOS Xcode side?
Appreciate it if anyone can help.