#CocoaPodsVulnerability

Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks

July 2, 2024 by Xynik

July 2, 2024 at 09:22AM Critical vulnerabilities in the CocoaPods dependency manager allowed threat actors to take over orphaned packages, execute shell commands, and impact millions of iOS and macOS applications. Orphaned pods were associated with a default owner, and an authentication server bug enabled remote code execution. The vulnerabilities were addressed by CocoaPods in … Read more

‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack

July 2, 2024 by Xynik

July 2, 2024 at 03:39AM CocoaPods, a widely used open-source dependency manager for Swift and Objective-C apps, was found to have left thousands of packages exposed to takeover for nearly a decade. Security researchers from EVA Information Security identified multiple vulnerabilities, including supply chain attack opportunities, and potential remote code execution. The CocoaPods team has … Read more