Vulnerabilities opened 3 million iOS, macOS apps to supply-chain attacks


Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years.

The vulnerabilities, which were fixed last October, resided in a “trunk” server used to manage CocoaPods, a repository for open source Swift and Objective-C projects that roughly 3 million macOS and iOS apps depend on. The researchers who found them wrote: “Injecting code into these applications could enable attackers to access this information for almost any malicious purpose imaginable—ransomware, fraud, blackmail, corporate espionage… In the process, it could expose companies to major legal liabilities and reputational risk.”

The trunk server relies on RFC 822, a standard formalized in 1982, to verify the uniqueness of registered developer email addresses and to check that they follow the correct format.
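The page does not describe how the trunk flaws themselves worked, and the following is not a reconstruction of them. It is an added illustration, not code from CocoaPods or the trunk server, of the general pitfall the last sentence hints at: RFC 822 syntax lets several different strings name the same mailbox (comments in parentheses, a quoted local part, upper- and lower-case domain names), so a registry that checks "is this a well-formed address?" and then de-duplicates on the raw string will accept a duplicate as new. The sample addresses and the small normaliser (comments, a simple quoted local part, domain case) are constructed for the example and cover only a subset of RFC 822/5322.

```ruby
# Added example (not CocoaPods/trunk code): an RFC 822 format check is not a
# uniqueness check. Several syntactically valid spellings can name one mailbox.
require 'set'

# Constructed inputs: four spellings of one mailbox plus a genuinely different one.
SAMPLE_ADDRESSES = [
  'dev@example.com',
  'dev@EXAMPLE.COM',            # domain names are case-insensitive
  'dev(cocoapods)@example.com', # RFC 822 comment inside the local part
  '"dev"@example.com',          # quoted local part that needed no quoting
  'other@example.com',
].freeze

# A loose "looks like an address" check in the spirit of a format validator:
# exactly one '@' split, a non-empty local part, a dotted domain.
def looks_like_address?(addr)
  local, sep, domain = addr.rpartition('@')
  !sep.empty? && !local.empty? && domain.include?('.')
end

# Remove RFC 822 comments "(...)" from a local part, leaving quoted strings intact.
def strip_comments(local)
  out = String.new
  depth = 0
  in_quote = false
  local.each_char do |c|
    if in_quote
      out << c
      in_quote = false if c == '"'
    elsif c == '"' && depth.zero?
      in_quote = true
      out << c
    elsif c == '('
      depth += 1
    elsif c == ')' && depth > 0
      depth -= 1
    elsif depth.zero?
      out << c
    end
  end
  out
end

# Canonical form used for the uniqueness check.
def normalize_address(addr)
  local, _, domain = addr.rpartition('@')
  local = strip_comments(local)
  # "dev" and dev are the same local part when the quoted text is a plain atom
  # (a conservative character set is used here).
  if local.length > 2 && local.start_with?('"') && local.end_with?('"') &&
     local[1..-2].match?(/\A[\w.+-]+\z/)
    local = local[1..-2]
  end
  # Local-part case is left alone: RFC 822 treats it as significant, even though
  # most providers do not. Domain case is never significant.
  "#{local}@#{domain.downcase}"
end

# How many "distinct" registrations a raw-string policy would accept.
def distinct_by_raw(addrs)
  addrs.select { |a| looks_like_address?(a) }.to_set.size
end

# How many real mailboxes remain once addresses are normalised first.
def distinct_by_normalized(addrs)
  addrs.select { |a| looks_like_address?(a) }.map { |a| normalize_address(a) }.to_set.size
end

if __FILE__ == $PROGRAM_NAME
  puts "accepted as distinct on raw strings: #{distinct_by_raw(SAMPLE_ADDRESSES)}"
  puts "mailboxes after normalisation:       #{distinct_by_normalized(SAMPLE_ADDRESSES)}"
end
```

Run as a script it reports 5 raw "distinct" addresses but only 2 mailboxes. The point for a registry is that syntactic validation and identity are separate questions; uniqueness has to be enforced on a canonical form (and ideally confirmed by a mail round-trip), not on whatever string passed the format check.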
