‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack

July 2, 2024 at 03:39AM

CocoaPods, a widely used open-source dependency manager for Swift and Objective-C apps, was found to have left thousands of packages exposed to takeover for nearly a decade. Security researchers from EVA Information Security identified multiple vulnerabilities, including supply chain attack opportunities and potential remote code execution. The CocoaPods team has …

iPhone apps abuse iOS push notifications to collect user data

January 25, 2024 at 01:38PM

iOS apps are using push notifications to collect user data, bypassing Apple’s background app activity restrictions and posing a privacy risk for iPhone users. The practice involves transmitting device data to servers, potentially allowing persistent tracking. Apple plans to tighten restrictions on APIs for device signals to mitigate the issue, …