Subject : Re: Orphaned CodoPods are found in Apple software
From : ithinkiam (at) *nospam* gmail.com (Chris)
Newsgroups : misc.phone.mobile.iphone comp.sys.mac.apps
Date : 08. Jul 2024, 09:06:48
Other headers
Organisation : A noiseless patient Spider
Message-ID : <v6g6mo$pqjo$1@dont-email.me>
References : 1 2 3 4 5 6 7 8 9
User-Agent : NewsTap/5.5 (iPhone/iPod Touch)

Wolf Greenblatt <wolf@greenblatt.net> wrote:
> On Sun, 7 Jul 2024 07:37:29 -0400, Alan Browne wrote:
>>> Isn't Swift touted to be "safe by design" on Apple's own corporate web pages?
>>
>> You have 0 understanding of 3rd party toolchains and 3rd party code bases.
>
> Probably very true. All I know is researchers found a flaw in millions of
> mac/iOS apps and Apple didn't find that same flaw even after a decade.

The point that's being missed is that no-one else spotted it either.
Despite existing for so long it was never exploited.

This was specifically an error on the side of the people managing the
CocoaPods library. They should not have left orphan accounts open
indefinitely.

> Shouldn't Apple care that millions of mac/iOS apps are vulnerable?

*were* vulnerable. It was fixed last year. It has only been reported
recently for obvious reasons.

> The reports say that essentially every Apple owner is affected.

*was* (theoretically) affected. No-one was actually affected.

> So why wouldn't Apple care to do what researchers did, only 10 years ago?

They do care, but the software ecosystem is very complex and Apple cannot
monitor every third party system developers around the world use.

You can guarantee they have been looking at this very carefully to see
what they can learn. Obviously being a secretive company we'll never know
what they've changed in response.