Re: Orphaned CodoPods are found in Apple software

Subject: Re: Orphaned CodoPods are found in Apple software
From: REMOVETHISbadgolferman (at) *nospam* gmail.com (badgolferman)
Newsgroups: misc.phone.mobile.iphone comp.sys.mac.apps
Date: 06. Jul 2024, 21:19:32
Message-ID: <v6c8sk$9fdv$1@solani.org>
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Wolf Greenblatt <wolf@greenblatt.net> wrote:
On Sat, 6 Jul 2024 12:48:23 -0400, Alan Browne wrote:
 
... been asleep most of the week, huh?
 
How did you find out about this new hole found in millions of mac/iOS apps?
 
I was looking up Swift documentation for a project when all the hits by
reverse date showed up to be about this vulnerability for mac/iOS apps.
 
https://forums.appleinsider.com/discussion/236916/vulnerabilities-found-in-swift-repository-left-millions-of-iphone-apps-exposed
The open-source Swift and Objective-C repository, CocoaPods, had multiple
vulnerabilities that left millions of iOS and macOS apps exposed for a
decade
 
https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
security flaws were uncovered in the CocoaPods dependency manager for Swift
 
https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
CocoaPods is an open source dependency manager for Swift
 
https://www.techrepublic.com/article/apple-applications-cocoapods-supply-chain-attack/
CocoaPods is a dependency manager for Swift and Objective-C projects
 
The holes are so big they can't be avoided but why did Apple not find it?
 

We’re being told it’s not Apple’s job to find security holes in other
people’s dependencies, so it’s not their fault.

