Subject : Re: Almost every iOS & macOS app has had huge vulnerabilities for over a decade
From : jollyroger (at) *nospam* pobox.com (Jolly Roger)
Newsgroups : uk.telecom.mobile misc.phone.mobile.iphone comp.sys.mac.system
Date : 03. Jul 2024, 19:46:19
Organization : People for the Ethical Treatment of Pirates
Message-ID : <lelkjrF91g3U4@mid.individual.net>
References : 1 2 3 4 5 6
User-Agent : slrn/1.0.3 (Darwin)
On 2024-07-03, Chris <ithinkiam@gmail.com> wrote:
badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
Alan Browne <bitbucket@blackhole.com> wrote:
>
I scanned those quickly and don't see any mention that the
vulnerability was actually exploited. Hope it wasn't.
Good thing CocoaPods have fixed the issue.
It is another indication that dependencies or services managed by a
third party can be a huge risk for developers and clients.
Convenient, easy and cheap to have these things 3rd party managed -
but their issues become everyone's issues.
I’ve always heard open source software is better because people can
actually find vulnerabilities or back doors in them to report.
>
And for black hats to find them and exploit them.
Not to mention malicious actors insert back doors into open source
software undetected all of the time - some recent examples:
<https://www.infosecurity-magazine.com/news/backdoor-xz-utils-linux-open-source/>
<https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/>
<https://cyberscoop.com/bootstrap-sass-infected-snyk-rubygems/>
-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR