From: Jolly Roger <jollyroger@pobox.com>
Newsgroups: uk.telecom.mobile,misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Re: Almost every iOS & macOS app has had huge vulnerabilities for over a decade
Date: 3 Jul 2024 15:46:32 GMT
Organization: People for the Ethical Treatment of Pirates
Message-ID: <lela2oF7jrrU1@mid.individual.net>
References: <v62o4t$22b9c$1@dont-email.me> <v62tjk$239lb$1@dont-email.me>
User-Agent: slrn/1.0.3 (Darwin)

On 2024-07-03, Chris <ithinkiam@gmail.com> wrote:
> Peter <confused@nospam.net> wrote:
>> A near inconceivable number of Apple iPhone & macOS apps have been
>> exposed to critical vulnerabilities in a popular dependency manager
>> for over 10 Years such that over three million CocoaPods-built iOS
>> and macOS apps have been vulnerable for over a decade, unbeknownst to
>> Apple & its test teams.
>
> This is very concerning, however the bit you omitted is that these
> vulnerabilities were patched late last year.
>
> The most important thing people can do is keep their apps and iOS up
> to date. And maybe reconsider using apps that haven't been updated
> since October 2023.
>
> It's also worth mentioning that this was a vulnerability explicitly
> possible because of the open source model. Had CocoaPods not been
> available on github it would have been possible to exploit as easily
> or at all.

Such level-headed nuance is to be ignored, because: troll.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR