Orphaned CodoPods are found in Apple software

Subject: Orphaned CodoPods are found in Apple software
From: wolf (at) *nospam* greenblatt.net (Wolf Greenblatt)
Groups: misc.phone.mobile.iphone comp.sys.mac.apps
Date: 06. Jul 2024, 18:34:50
Organization: Private News Server
Message-ID : <v6brna$16iit$1@news.samoylyk.net>
Orphaned Pods are used as dependencies of many other packages available on
CocoaPods. For example, we found mentions of orphaned Pods in the
documentation or terms of service documents of applications provided by
Meta (Facebook, WhatsApp), Apple (Safari, AppleTV, Xcode), and Microsoft
(Teams); as well as in TikTok, Snapchat, Amazon, LinkedIn, Netflix, Okta,
Yahoo, Zynga, and many more.

Overall we found 685 Pods that had an explicit dependency using an orphaned
Pod; doubtless there are hundreds or thousands more in proprietary
codebases. All of these were, at some period or another, vulnerable to the
supply chain attack described below.

By taking ownership of a part of the iOS/macOS app supply chain, and based
on the documented dependencies we mentioned above, an attacker would have
free rein to access millions of mobile apps and the hundreds of millions
of people that use them.

Many of these unclaimed Pods are still in wide use.

https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
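The exposure the post describes is transitive: an app that never asked for an orphaned Pod can still pull one in through a dependency's dependency. The following is an added example, not code from the post or from the EVA blog: it parses a Podfile.lock, walks the resolved dependency graph, and reports which direct dependencies reach a Pod on a caller-supplied list of unclaimed Pods. The lock file contents and the orphaned-Pod set are constructed for illustration; in practice the set would come from your own review of each Pod's ownership.

```python
from collections import defaultdict

# Constructed Podfile.lock for illustration; Pod names and versions are made up.
SAMPLE_LOCK = """PODS:
  - AppCore (1.4.0):
    - OldImageLoader (>= 0.9)
  - OldImageLoader (0.9.2):
    - LegacyCache
  - LegacyCache (0.3.0)
  - Analytics (5.0.0)
DEPENDENCIES:
  - AppCore (~> 1.4)
  - Analytics
"""
# Hypothetical set of Pods known to be unclaimed; use your own reviewed list in practice.
ORPHANED = {"LegacyCache"}

def parse_podfile_lock(text):
    """Return (graph, direct): Pod -> Pods it depends on, and the Pods the Podfile requests."""
    graph, direct, section, current = defaultdict(set), [], None, None
    for line in text.splitlines():
        if not line.startswith(" "):            # section header ("PODS:") or blank line
            section = line.rstrip(":")
            continue
        stripped = line.lstrip()
        if not stripped.startswith("- "):       # e.g. "SPEC CHECKSUMS" entries
            continue
        name = stripped[2:].split()[0].split("/")[0]   # drop version and subspec
        if section == "PODS" and line.startswith("  - "):       # a resolved Pod
            current = name
        elif section == "PODS" and line.startswith("    - "):   # one of its dependencies
            graph[current].add(name)
        elif section == "DEPENDENCIES":
            direct.append(name)
    return graph, direct

def orphan_exposure(graph, direct, orphaned):
    """Return (direct_dep, orphaned_pod, path) for every orphaned Pod reachable from a direct dependency."""
    findings = []
    for root in direct:
        seen, stack = set(), [(root, (root,))]
        while stack:                            # depth-first walk over the dependency graph
            node, path = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            if node in orphaned:
                findings.append((root, node, path))
            stack.extend((dep, path + (dep,)) for dep in graph.get(node, ()))
    return findings
```

Run against a real Podfile.lock, each finding names the direct dependency to review and the chain through which the unclaimed Pod arrives.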
