Skip to content

v3.9.7 Beta

Compare
Choose a tag to compare
@ajinabraham ajinabraham released this 25 Mar 18:20
· 70 commits to master since this release
6bce5a2

v3.9.7 Beta Changelog

  • Features or Enhancements

    • iOS Dynamic Analyzer with Corellium
    • Dynamic Analysis refactoring for Android and iOS
    • Exposed iOS Dynamic Analysis REST APIs
    • Added more helper Frida Scripts for Android and iOS Dynamic Analyzer
    • Frida support improvements Injected Frida Code View, Injection, Spawn, Attach and Session
    • Corellium Reverse SSH connection support
    • Enhancements to ARC and Stack Canary Checks in Mach-O Parsing
    • Frida RPC Hooks support
    • Frida Script QA
    • Runtime Executable Tampering Detection
    • iOS Dynamic Analysis REST API Docs
    • Global Datatables Export as PDF, CSV, XLS, Copy and Print
    • Corellium custom host domain support
    • Huge improvements in Static Analysis report generation page rendering for APKs/IPAs with large amount of data by @JPSxzy8
    • Scan independent library file (.so, .dylib, Framework dylib) from APK/IPA Static Analysis Report
    • Library analysis refactored relative path helper for Django template.
    • Re-introduced RELRO checks for Android, added Dart binary check to avoid Flutter false positives.
    • Improved stripped debug symbol check for ELF and MachO using native OS tools such as nm and objdump when available.
    • Merge iOS Framework and Dylib Analysis.
    • SAST Performance improvements
    • Android API Analysis rule QA
    • Apksigner.jar fallback for signature parsing
    • Simplify MobSF scan REST API
    • Support for analysis of iOS Frameworks
    • Android SVG icon parsing improvments
    • Icon analysis refactor and support jpeg and webp icons
    • Github action QA
    • iOS merge findings from swift and objective c rules with same rule identifier. Fixes #2287
    • iOS Binary analysis, sort regex matches. Fixes #2252
    • Framework dylibs with no extensions to skip PIE checks. Fixes #2307
    • Select correct network_security config. Fixes #2049
    • Android Manifest Analysis added support for detecting task hijacking (StrandHogg 1.0 and StrandHogg 2.0) . Fixes #2124
    • Added new manifest analysis rule to warn on apps targeting older Android OS
    • Updated severity of findings
    • UI improvement for AppSec dashboard to show a loader
    • UI changes in Static Analysis to collapse large no of files in API and Code Analysis for better real estate
    • Improved certificate file analysis for android, jar, aar, and iOS
    • AppLink asset json check multithreading performance improvements
    • Code QA and ruleset improvements with ChatGPT
    • Fixes #2324 , Bug in parsing DSA Public Key parameters for fingerprint calculation.
    • AssetLink check QA
    • Remove Androguard dependency use only features required by MobSF
  • Security

    • Arbitrary file writes on Windows with apktool fixed
    • Fixed an LFI reported by @0x33c0unt
    • Fixed SSRF in AppLinks and Firebase database checks

What's Changed

New Contributors

Full Changelog: v3.7.6...v3.9.7