Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks

July 2, 2024 at 09:22AM Critical vulnerabilities in the CocoaPods dependency manager allowed threat actors to take over orphaned packages, execute shell commands, and impact millions of iOS and macOS applications. Orphaned pods were associated with a default owner, and an authentication server bug enabled remote code execution. The vulnerabilities were addressed by CocoaPods in …

‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack

July 2, 2024 at 03:39AM CocoaPods, a widely used open-source dependency manager for Swift and Objective-C apps, was found to have left thousands of packages exposed to takeover for nearly a decade. Security researchers from EVA Information Security identified multiple vulnerabilities, including supply chain attack opportunities and potential remote code execution. The CocoaPods team has …

Apple CocoaPods Bugs Expose Millions of Apps to Code Injection

July 1, 2024 at 10:23AM A popular dependency manager for Apple apps, CocoaPods, has been exposed to serious vulnerabilities for years. This poses a significant risk to the security of over three million apps, including major ones like Instagram and Uber. The platform’s flaws, discovered by E.V.A Information Security, include critical remote code execution opportunities …