Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks

July 2, 2024 at 09:22AM Critical vulnerabilities in the CocoaPods dependency manager allowed threat actors to take over orphaned packages, execute shell commands, and impact millions of iOS and macOS applications. Orphaned pods were associated with a default owner, and an authentication server bug enabled remote code execution. The vulnerabilities were addressed by CocoaPods in …

Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE

May 8, 2024 at 12:44PM A use-after-free flaw in the open-source Tinyproxy (versions 1.11.1 and 1.10.0) allows attackers to trigger memory corruption, potentially leading to denial-of-service (DoS) and remote code execution (RCE) via a specially crafted HTTP Connection header. The flaw is rated 9.8 out of 10 in severity. While no known exploitation exists, more …

Spies Among Us: Insider Threats in Open Source Environments

May 7, 2024 at 10:51AM A critical vulnerability in XZ Utils raised comparisons to the SolarWinds hack and highlighted the power of the open source community in averting a disaster. However, it also raised questions about security and trust within the ecosystem. The incident suggests the need for stricter security measures and consideration of internal …