Sujet : Re: Almost every iOS & macOS app has had huge vulnerabilities for over a decade
De : ithinkiam (at) *nospam* gmail.com (Chris)
Groupes : uk.telecom.mobile misc.phone.mobile.iphone comp.sys.mac.system comp.mobile.ipadDate : 03. Jul 2024, 08:11:48
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <v62tjk$239lb$1@dont-email.me>
References : 1
User-Agent : NewsTap/5.5 (iPhone/iPod Touch)
Peter <
confused@nospam.net> wrote:
A near inconceivable number of Apple iPhone & macOS apps have been exposed
to critical vulnerabilities in a popular dependency manager for over 10
Years such that over three million CocoaPods-built iOS and macOS apps have
been vulnerable for over a decade, unbeknownst to Apple & its test teams.
This is very concerning, however the bit you omitted is that these
vulnerabilities were patched late last year.
The most important thing people can do is keep their apps and iOS up to
date. And maybe reconsider using apps that haven't been updated since
October 2023.
It's also worth mentioning that this was a vulnerability explicitly
possible because of the open source model. Had CocoaPods not been available
on github it would have been possible to exploit as easily or at all.