{ "type": "bundle", "id": "bundle--4cf8e721-11ec-4476-973d-f5982c641d5f", "spec_version": "2.0", "objects": [ { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", "id": "relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8", "created": "2022-04-01T15:16:02.324Z", "x_mitre_version": "0.1", "external_references": [ { "source_name": "iOS Universal Links", "url": "https://developer.apple.com/ios/universal-links/", "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020." }, { "source_name": "Android App Links", "url": "https://developer.android.com/training/app-links/verify-site-associations", "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020." }, { "source_name": "IETF-PKCE", "url": "https://tools.ietf.org/html/rfc7636", "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016." } ], "x_mitre_deprecated": false, "revoked": false, "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ", "modified": "2022-04-01T15:16:02.324Z", "relationship_type": "mitigates", "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }