Subject: Re: Orphaned CodoPods are found in Apple software
From: wolf (at) *nospam* greenblatt.net (Wolf Greenblatt)
Newsgroups: misc.phone.mobile.iphone, comp.sys.mac.apps
Date: 08 Jul 2024, 22:58:30
Organization: Private News Server
Message-ID: <v6hjtm$1ind6$1@news.samoylyk.net>
On Mon, 8 Jul 2024 08:06:48 -0000 (UTC), Chris wrote:
>> Probably very true. All I know is researchers found a flaw in millions of
>> mac/iOS apps and Apple didn't find that same flaw even after a decade.
>
> The point that's being missed is that no-one else spotted it either.
> Despite existing for so long it was never exploited.

>> Three million iOS/macOS apps were vulnerable for a decade, and Apple didn't
>> even care to think about backing up their own claims of safety & security.
>
> This was specifically an error on the side of the people managing the
> CocoaPods library. They should not have left orphan accounts open
> indefinitely.

It's worse than that because ANYONE (yes, even you and me) could have
injected code into those apps for a decade without Apple caring about it.

>> Shouldn't Apple care that millions of mac/iOS apps are vulnerable?
>
> *were* vulnerable. It was fixed last year. It has only been reported
> recently for obvious reasons.

It was fixed, but Apple didn't even know about it until someone told them
that anyone (yes, even you and me) could have injected code into any of
three million macOS/iOS apps for over a decade because Apple didn't care.

>> The reports say that essentially every Apple owner is affected.
>
> *was* (theoretically) affected. No-one was actually affected.

Apple doesn't care that anyone (yes, you and me included) could have
injected code into three million iOS/macOS apps, which is why it's obvious
that Apple doesn't care about safety and security in their own ecosystem.

>> So why wouldn't Apple care to do what researchers did, only 10 years ago?
>
> They do care, but the software ecosystem is very complex and Apple cannot
> monitor every third-party system developers around the world use.

If researchers found it, so could have Apple. Apple didn't even care.

>> If Apple actually cared about the safety & security of their ecosystem,
>> they would have found these holes in 3 million apps a decade ago.
>
> You can guarantee they have been looking at this very carefully to see
> what they can learn.

It's obvious from what happened that Apple doesn't care about the safety
and security of the Apple ecosystem, because if they did, this wouldn't have
happened.

> Obviously, being a secretive company, we'll never know
> what they've changed in response.

Apple only wants to advertise about safety & security they don't even test.