IPA Binary Misconfiguration - @rpath

After static analysis of the IPA binary, we found the warning below:

• @rpath: It is recommended to reconfigure the application binary to ensure it has disabled the Runpath Search Path (@rpath).

How can I fix this?

Replies

Yell at your security tool vendor?

Seriously though, rpath-relative paths are a normal part of iOS development. If, for example, your app has an embedded framework, it will reference that framework via an rpath-relative path. If your security tool is complaining about that, it needs to be fixed.

On macOS, rogue rpath entries are a common source of problems. See Resolving Gatekeeper Problems Caused by Dangling Load Command Paths for more on that. However, an iOS app always runs as if library validation were enabled, and thus this whole class of problems is not an issue on that platform.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
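To see exactly what a scanner is reacting to, it helps to list the binary's LC_RPATH entries and which dylibs are loaded through @rpath. The parser below is an added example, not Quinn's or Apple's code: it walks the load commands of a little-endian 64-bit Mach-O slice (fat binaries and 32-bit slices are not handled), and the "bundle-relative" split on @executable_path/@loader_path is an assumed heuristic for spotting the dangling or absolute rpath entries the linked macOS article is about. The Mach-O bytes at the bottom are constructed for the example, not taken from a real app.

```python
import struct

MH_MAGIC_64, LC_LOAD_DYLIB, LC_RPATH = 0xFEEDFACF, 0x0C, 0x8000001C  # <mach-o/loader.h>
# rpath entries that resolve inside the app bundle; anything else is worth a look (assumed heuristic)
APP_RELATIVE = ("@executable_path/", "@loader_path/")

def _cstr(blob, offset):
    return blob[offset:blob.index(b"\x00", offset)].decode()  # NUL-terminated string

def load_commands(data):
    """Yield (cmd, raw command bytes) by walking the load-command table."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O (fat/32-bit not handled)")
    off = 32  # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        yield cmd, data[off:off + cmdsize]
        off += cmdsize

def rpath_report(data):
    """LC_RPATH entries, dylibs loaded through @rpath, and rpaths outside the bundle."""
    report = {"rpaths": [], "rpath_dylibs": [], "non_app_relative": []}
    for cmd, raw in load_commands(data):
        if cmd not in (LC_RPATH, LC_LOAD_DYLIB):
            continue
        # both commands carry an lc_str at offset 8: the string's offset within the command
        path = _cstr(raw, struct.unpack_from("<I", raw, 8)[0])
        if cmd == LC_RPATH:
            report["rpaths"].append(path)
            if not path.startswith(APP_RELATIVE):
                report["non_app_relative"].append(path)
        elif path.startswith("@rpath/"):
            report["rpath_dylibs"].append(path)
    return report

def _lc(cmd, fixed, path):
    """Build a load command: fixed header fields, then the 8-byte-aligned path string."""
    body = path.encode() + b"\x00"
    body += b"\x00" * (-len(body) % 8)
    hdr_size = 8 + 4 * len(fixed)
    return struct.pack("<%dI" % (2 + len(fixed)), cmd, hdr_size + len(body), *fixed) + body

# Constructed sample (not a real app): a bundle-relative rpath, an absolute rpath, an embedded
# framework loaded via @rpath, and a system library loaded by full path.
_CMDS = b"".join([
    _lc(LC_RPATH, (12,), "@executable_path/Frameworks"),   # rpath_command: lc_str offset
    _lc(LC_RPATH, (12,), "/usr/local/lib"),
    _lc(LC_LOAD_DYLIB, (24, 2, 0x10000, 0x10000), "@rpath/MyFramework.framework/MyFramework"),
    _lc(LC_LOAD_DYLIB, (24, 2, 0x10000, 0x10000), "/usr/lib/libSystem.B.dylib"),
])  # dylib_command: lc_str offset, timestamp, current_version, compatibility_version
SAMPLE_MACHO = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 4, len(_CMDS), 0, 0) + _CMDS
```

On a real app, read the executable from the .app bundle into `data` and call `rpath_report`; for an iOS app you would normally expect only bundle-relative rpaths plus @rpath references to its embedded frameworks, which is the benign pattern Quinn describes.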

Hi @eskimo

Based on our pen tester feedback, on a jailbroken device, one can insert malicious code into frameworks in system paths that gets run by apps. It is therefore our understanding that if the device is jailbroken, it has the same vulnerabilities as macOS with respect to rpaths. Would you mind clarifying whether or not you see rpaths on jailbroken devices as a legitimate security issue?

Thanks,

Would you mind clarifying … ?

Sorry but I’m not going to get involved in that conversation. Your relationship with your vendors is very much your business.

I do, however, stand by my comment:

rpath-relative paths are a normal part of iOS development.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"