WHAT'S IN THIS CHAPTER?
Potential security pitfalls in Objective-C
Common vulnerabilities in C language code
Techniques for finding bugs, including security issues
Even the best-designed application can be vulnerable if it is not coded defensively. This chapter will not give you an exhaustive list of issues to look out for; that's a topic that can (and does!) fill several books. You will find out about the more important problems, and why they can lead to vulnerabilities. You will also discover how to detect these problems before they get into the products your customers use.
The Objective-C language used in Cocoa development was designed at a company called Stepstone, at roughly the same time that AT&T was developing C++. Both Objective-C and C++ are extensions to the C language, adding object-oriented features, but the two languages take very different approaches. Where C++ relies on decisions made by the compiler to statically resolve classes and methods, Objective-C has a dynamic nature inspired by the Smalltalk language, and leaves those decisions until runtime.
Since Apple taking stewardship of the language by acquiring NeXT Software in 1997, Apple has added many new features and designed a new runtime library for use in 64-bit Mac applications and on the iPhone. The language itself has largely remained unchanged. There are some simple patterns to bear in mind when writing Objective-C code to avoid some security ...