Free-RASP-iOS icon indicating copy to clipboard operation
Free-RASP-iOS copied to clipboard
verified publisher icon talsec

Crash: CRYPTO_malloc

Open DevOpsAppsIOL opened this issue 6 months ago • 19 comments

Describe the bug The app crash when it detects a security threat.

To Reproduce The issue has been detected on some users through firebase crashlytics. I was not able to replicate the crash but from the logs I see that the problem always occurs on: screenRecording and screenshot.

Expected behavior I expect zero crashes

Screenshots Image Image

Please complete the following information: Crash: CRYPTO_malloc.txt

Additional context Also, trying to launch the debug app with Enable Address Sanitizer active I immediately get this crash

Image Image

DevOpsAppsIOL avatar Jun 11 '25 09:06 DevOpsAppsIOL

Hello @DevOpsAppsIOL , can you elaborate on how many devices does this crash occur (out of how many). Also the models and os versions of these devices? Thank you!

Kind regards, Talsec team

msikyna avatar Jun 16 '25 08:06 msikyna

Hello @msikyna , The crashes occur on all iPhone/iPad models from the last 5 years and use these iOS versions:

  • iOS 18.5.0
  • iOS 18.4.1
  • iOS 18.3.2

There are now about 208 devices with crashes and 210 events.

Image Image Image Image Image Image

I see from the logs that before crashing there is the SecurityService Found incident: screenRecording log in 80% of cases. The remaining 20% have no log.

public func threatDetected(_ securityThreat: SecurityThreat) { CrashlyticsRecords.shared.log(msg: "SecurityService Found incident: \(securityThreat.rawValue)") .... .... .... }

DevOpsAppsIOL avatar Jun 16 '25 10:06 DevOpsAppsIOL

Hi @msikyna, crashes are on the rise. I reached 700 crashes.

Image

DevOpsAppsIOL avatar Jun 24 '25 08:06 DevOpsAppsIOL

Hi @DevOpsAppsIOL

May I know what the version are you used in? Since I'm just starting implement for prevent screenshot and screen recording in my app and I don't want my app crash because this issue.

Thank you

arisupriatna14 avatar Jun 26 '25 02:06 arisupriatna14

Hi @arisupriatna14, I integrated the latest version (6.11.0).

DevOpsAppsIOL avatar Jun 26 '25 07:06 DevOpsAppsIOL

Hello @DevOpsAppsIOL , thank you for adding details. Can you also supply how many running instances do you have? So we can estimate on what percentage of devices the incident happens. Moreover, did it also happen with 6.10.0 version? Thank you!

msikyna avatar Jun 29 '25 18:06 msikyna

Hello @msikyna, we integrated your SDK for the first time starting from 6.11.0. We have reached more than 1000 crashes. The crashes concern about 1% of the total instances. The app is from https://www.italiaonline.it/ and has a very large audience.

DevOpsAppsIOL avatar Jun 30 '25 08:06 DevOpsAppsIOL

Hello, we just released a new version. Could you try integrating it and see whether it solves the issue? Thank you! https://github.com/talsec/Free-RASP-iOS/releases/tag/v6.12.1

msikyna avatar Jul 16 '25 06:07 msikyna

Hello @msikyna , Thanks for the new release. I hope it fixes the various crashes. I'll update you in the coming weeks.

DevOpsAppsIOL avatar Jul 16 '25 15:07 DevOpsAppsIOL

Hello! This issue has been marked as inactive. If there is no further activity within the next 14 days, this issue will be automatically closed. If you believe this issue is still relevant and requires attention, please comment or provide additional information.

github-actions[bot] avatar Aug 04 '25 07:08 github-actions[bot]

Hello @msikyna , I need the whole month of September to understand if the problem has been resolved with the latest version. Thank you.

DevOpsAppsIOL avatar Aug 25 '25 06:08 DevOpsAppsIOL

Hello @msikyna , Even with version 6.12.1 I'm having some crashes. I attached the stack file:

*******_issue_3ef6c8f03ff57498c625e6c781358e93_crash_session_09246602fd5347208ff0b0b0907c831c_DNE_0_v2_stacktrace.txt

DevOpsAppsIOL avatar Sep 09 '25 07:09 DevOpsAppsIOL

Hello! This issue has been marked as inactive. If there is no further activity within the next 14 days, this issue will be automatically closed. If you believe this issue is still relevant and requires attention, please comment or provide additional information.

github-actions[bot] avatar Sep 29 '25 06:09 github-actions[bot]

This is still happening.

makarand-codeblaze avatar Sep 29 '25 10:09 makarand-codeblaze

Hello @msikyna, This is still happening.

I hope for a quick response from you.

Thank you

DevOpsAppsIOL avatar Sep 30 '25 07:09 DevOpsAppsIOL

Hello! This issue has been marked as inactive. If there is no further activity within the next 14 days, this issue will be automatically closed. If you believe this issue is still relevant and requires attention, please comment or provide additional information.

github-actions[bot] avatar Oct 20 '25 06:10 github-actions[bot]

Update: We will be releasing a new SDK around this week that has a few fixes targeted to mitigate this issues. You can look forward to a new update this week.

SirionRazzer avatar Oct 20 '25 06:10 SirionRazzer

Hello, a new release, 6.13.0 has been published, please try if the issue persists. Thank you!

msikyna avatar Oct 23 '25 20:10 msikyna

Hello! This issue has been marked as inactive. If there is no further activity within the next 14 days, this issue will be automatically closed. If you believe this issue is still relevant and requires attention, please comment or provide additional information.

github-actions[bot] avatar Nov 10 '25 06:11 github-actions[bot]

Hello! This issue has been closed. If you believe this issue is still relevant and requires attention, please reopen the issue.

github-actions[bot] avatar Dec 01 '25 06:12 github-actions[bot]