Swift Deprecated Webview Usage
Description
Detects usage of the deprecated UIWebView class in Swift applications. UIWebView was deprecated by Apple due to security vulnerabilities and replaced with the more secure WKWebView. Using UIWebView can expose applications to security risks like cross-site scripting and malicious script injection.
Detection Strategy
• Check if the Swift source code imports the UIKit framework
• Search for instances where 'UIWebView' class is referenced in the code
• Report a vulnerability if UIWebView usage is found since it's a deprecated component with known security issues
Vulnerable code example
import UIKit
class WebViewController: UIViewController {
func loadWeb() {
// VULNERABLE: UIWebView is deprecated and insecure, use WKWebView instead
let webView = UIWebView(frame: view.bounds)
webView.loadRequest(URLRequest(url: URL(string: "https://example.com")!))
}...✅ Secure code example
import UIKit
import WebKit // Required import for WKWebView
class WebViewController: UIViewController {
func loadWeb() {
// SECURE: Using WKWebView instead of deprecated UIWebView for secure web content rendering
let webView = WKWebView(frame: view.bounds)
webView.load(URLRequest(url: URL(string: "https://example.com")!))...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.