Sujet : Re: Orphaned CodoPods are found in Apple software
De : wolf (at) *nospam* greenblatt.net (Wolf Greenblatt)
Groupes : misc.phone.mobile.iphone comp.sys.mac.appsDate : 06. Jul 2024, 22:07:06
Autres entêtes
Organisation : Private News Server
Message-ID : <v6c85a$17bja$1@news.samoylyk.net>
References : 1 2
On Sat, 6 Jul 2024 12:48:23 -0400, Alan Browne wrote:
... been asleep most of the week, huh?
How did you find out about this new hole found in millions of mac/iOs apps?
I was looking up Swift documentation for a project when all the hits by
reverse date shows up to be about this vulnerability for mac/iOS apps.
https://forums.appleinsider.com/discussion/236916/vulnerabilities-found-in-swift-repository-left-millions-of-iphone-apps-exposedThe open-source Swift and Objective-C repository, CocoaPods, had multiple
vulnerabilities that left millions of iOS and macOS apps exposed for a
decade
https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.htmlsecurity flaws were uncovered in the CocoaPods dependency manager for Swift
https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapodsCocoaPods is an open source dependency manager for Swift
https://www.techrepublic.com/article/apple-applications-cocoapods-supply-chain-attack/CocoaPods is a dependency manager for Swift and Objective-C projects
The holes are so big they can't be avoided but why did Apple not find it?
…