Sujet : Re: Orphaned CodoPods are found in Apple software
De : nuh-uh (at) *nospam* nope.com (Alan)
Groupes : misc.phone.mobile.iphone comp.sys.mac.appsDate : 09. Jul 2024, 02:32:11
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <v6i0eb$131tb$2@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10 11
User-Agent : Mozilla Thunderbird
On 2024-07-08 13:58, Wolf Greenblatt wrote:
On Mon, 8 Jul 2024 08:06:48 -0000 (UTC), Chris wrote:
Probably very true. All I know is researchers found a flaw in millions of
mac/iOS apps and Apple didn't find that same flaw even after a decade.
>
The point that's being missed is that no-one else spotted it either.
Despite existing for so long it was never exploited.
Three million iOS/macOS apps were vulnerable for a decade, and Apple didn't
even care to think about backing up their own claims of safety & security.
Ummmm... ...no.
1. You need to show that "three million" iOS/macOS apps" actually USED CocoaPods.
2. You need to show how many of those made use of the "Pods" that had been orphaned.
This was specifically an error on the side of the people managing the
CocoaPods library. They should not have left orphan accounts open
indefinitely.
It's worse than that because ANYONE (yes, even you and me) could have
injected code into those apps for a decade without Apple caring about it.
Nope. You couldn't inject code into any app that didn't use one of the orphaned "Pods".
>
Shouldn't Apple care that millions of mac/iOS apps are vulnerable?
>
*were* vulnerable. It was fixed last year. It has only been reported
recently for obvious reasons.
It was fixed but Apple didn't even know about it until someone told them
that anyone (yes, even you and me) could have injected code into any of
three million macOS/iOS apps for over a decade because Apple didn't care.
Still stuck on repeating things you know you can't know are true.
Normal, sane people call that "lying".
Orphaned CodoPods are found in Apple software
Re: Orphaned CodoPods are found in Apple software