Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks 

July 2, 2024 at 09:22AM

Critical vulnerabilities in the CocoaPods dependency manager allowed threat actors to take over orphaned packages, execute shell commands, and impact millions of iOS and macOS applications. Orphaned pods were associated with a default owner, and an authentication server bug enabled remote code execution. The vulnerabilities were addressed by CocoaPods in …

Apple CocoaPods Bugs Expose Millions of Apps to Code Injection

July 1, 2024 at 10:23AM

A popular dependency manager for Apple apps, CocoaPods, has been exposed to serious vulnerabilities for years. This poses a significant risk to the security of over three million apps, including major ones like Instagram and Uber. The platform’s flaws, discovered by E.V.A Information Security, include critical remote code execution opportunities …