CVE-2020-24653: Expo on iOS is insecure due incorrect security attribute application

Severity: Critical

CVSS Score: 9.8

secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.