App security test reports Insecure API for React Native iOS App - Binary Analysis (IPA)

[annkiitagrawaal-gep]

Please provide all the information requested. Issues that do not follow this format are likely to stall.

Description

• Binary make use of malloc Function
The binary can use the malloc function instead of calloc. This is the result of a static analysis of the IPA file of an iOS-based application

React Native version:

System: OS: macOS Mojave 10.14.5 CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz Memory: 273.91 MB / 16.00 GB Shell: 3.2.57 - /bin/bash Binaries: Node: 12.8.0 - /usr/local/bin/node Yarn: Not Found npm: 6.10.2 - /usr/local/bin/npm Watchman: 4.9.0 - /usr/local/bin/watchman Managers: CocoaPods: 1.9.1 - /usr/local/bin/pod SDKs: iOS SDK: Platforms: iOS 12.4, macOS 10.14, tvOS 12.4, watchOS 5.3 Android SDK: API Levels: 23, 24, 25, 26, 27, 28, 29 Build Tools: 28.0.3, 29.0.2, 29.0.3 System Images: android-28 | Google Play Intel x86 Atom, android-29 | Google APIs Intel x86 Atom Android NDK: Not Found IDEs: Android Studio: 3.4 AI-183.6156.11.34.5692245 Xcode: 10.3/10G8 - /usr/bin/xcodebuild Languages: Java: 1.8.0_221 - /usr/bin/javac Python: 2.7.10 - /usr/bin/python npmPackages: @react-native-community/cli: Not Found react: 16.11.0 => 16.11.0 react-native: 0.62.2 => 0.62.2 react-native-macos: Not Found npmGlobalPackages: react-native: Not Found

react-native-cli: 2.0.1 react-native: 0.62.2

Expected Results

How could you change the variables found by those suggested by apple from react native?


The issue has been raised by a client and is being considered as a High priority vulnerability.