Sujet : Re: Almost every iOS & macOS app has had huge vulnerabilities for over a decade
De : REMOVETHISbadgolferman (at) *nospam* gmail.com (badgolferman)
Groupes : misc.phone.mobile.iphone comp.sys.mac.system uk.telecom.mobileDate : 03. Jul 2024, 17:46:03
Autres entêtes
Message-ID : <v63v8b$4tnp$1@solani.org>
References : 1 2 3 4
User-Agent : NewsTap/5.5 (iPhone/iPod Touch)
Alan Browne <
bitbucket@blackhole.com> wrote:
On 2024-07-03 02:09, Bill Powell wrote:
Millions of iOS apps were exposed to security breach found in CocoaPods
https://9to5mac.com/2024/07/02/ios-apps-security-breach-cocoapods/
Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain
Attacks
https://www.securityweek.com/critical-cocoapods-flaws-exposed-many-ios-macos-apps-to-supply-chain-attacks/
'Perfect 10' Apple Supply Chain Bug - Millions of Apps at Risk of CocoaPods
RCE
https://securityboulevard.com/2024/07/cocoapods-apple-vulns-richixbw/
CocoaPods flaws left iOS, macOS apps open to supply-chain attack
https://www.csoonline.com/article/2512935/cocoapods-flaws-left-ios-macos-apps-open-to-supply-chain-attack.html
I scanned those quickly and don't see any mention that the vulnerability
was actually exploited. Hope it wasn't.
Good thing CocoaPods have fixed the issue.
It is another indication that dependencies or services managed by a
third party can be a huge risk for developers and clients. Convenient,
easy and cheap to have these things 3rd party managed - but their issues
become everyone's issues.
I’ve always heard open source software is better because people can
actually find vulnerabilities or back doors in them to report.
Almost every iOS & macOS app has had huge vulnerabilities for over a decade
Re: Almost every iOS & macOS app has had huge vulnerabilities for over a decade
