I'm the friendly issue checker.
Thanks for using the issue template 🌟
I appreciate it very much. I'm sure the maintainers of this repository will answer soon.
My company did some pen testing on our Xamarin native app which is using plugin.fingerprint.
They were able to bypass biometric authentication via "objection v1.11.0".
This script/program allows a local user to hook into EvaluatePolicy() and EvaluateAccessControl().
When a bad fingerprint is scanned, you can return "true" instead of "false" and gain access to the app.
Supporting documentation can be found here.
Steps to reproduce
Expected behavior
The objection script/program should not be able to bypass the bad fingerprint read.
Actual behavior
The objection script/program permits the pen tester to bypass fingerprint authentication.
Crashlog
If something causes an exception paste full stack trace + Exception here
Configuration
**Version of the Plugin:** 2.1.5
Platform: iOS 12.X and greater
Device: iPhone 12
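
An added example, not code from Plugin.Fingerprint or from the reporter: the boolean-only pattern the report describes, next to a Keychain-bound alternative in Xamarin.iOS where the OS releases a stored secret only after a biometric match, so the app depends on data rather than on a return value inside its own process. The class name, service name and account name are hypothetical.

```csharp
using System;
using Foundation;
using LocalAuthentication;
using Security;

public static class BiometricGate
{
    const string Service = "com.example.app.session"; // hypothetical identifier
    const string Account = "session-key";             // hypothetical identifier

    // Pattern from the report: the app trusts a boolean delivered inside its own
    // process, so anything that changes that value changes the outcome.
    public static void UnlockWithBooleanOnly(Action onUnlocked)
    {
        var context = new LAContext();
        context.EvaluatePolicy(LAPolicy.DeviceOwnerAuthenticationWithBiometrics,
            "Unlock", (success, error) => { if (success) onUnlocked(); });
    }

    // Hardened form, step 1: store a secret under a biometric access control.
    public static SecStatusCode StoreSecret(byte[] secret)
    {
        var record = new SecRecord(SecKind.GenericPassword)
        {
            Service = Service,
            Account = Account,
            ValueData = NSData.FromArray(secret),
            AccessControl = new SecAccessControl(
                SecAccessible.WhenPasscodeSetThisDeviceOnly,
                SecAccessControlCreateFlags.BiometryCurrentSet)
        };
        return SecKeyChain.Add(record);
    }

    // Hardened form, step 2: the read triggers the system biometric prompt and
    // returns data only when the OS accepts the match; null on any failure.
    public static byte[] ReadSecret(string prompt)
    {
        var query = new SecRecord(SecKind.GenericPassword)
        {
            Service = Service,
            Account = Account,
            UseOperationPrompt = prompt
        };
        var match = SecKeyChain.QueryAsRecord(query, out SecStatusCode status);
        return status == SecStatusCode.Success ? match?.ValueData?.ToArray() : null;
    }
}
```

The stored secret needs to be something the app cannot function without, such as a key that decrypts local data or a token the backend requires; otherwise the decision collapses back into a branch on a value in process memory.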