Least Privilege Violation
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-272: Least Privilege Violation |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The code configures a WKWebView to allow JavaScript to open new windows automatically. This increases the risk of unwanted or malicious pop-ups and reduces the security of the webview.
Impact#
If exploited, attackers could use JavaScript to open additional browser windows or tabs without user consent, potentially leading to phishing attempts, information leaks, or a degraded user experience. This weakens the app’s security posture and could expose users to malicious content.