From: Jolly Roger <jollyroger@pobox.com>
Newsgroups: uk.telecom.mobile,misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Almost every iOS & macOS app has had huge vulnerabilities for over a decade
Date: 3 Jul 2024 18:46:19 GMT
Organization: People for the Ethical Treatment of Pirates
Message-ID: <lelkjrF91g3U4@mid.individual.net>
User-Agent: slrn/1.0.3 (Darwin)

On 2024-07-03, Chris <ithinkiam@gmail.com> wrote:
> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>> Alan Browne <bitbucket@blackhole.com> wrote:
>>>
>>> I scanned those quickly and don't see any mention that the
>>> vulnerability was actually exploited. Hope it wasn't.
>>>
>>> Good thing CocoaPods have fixed the issue.
>>>
>>> It is another indication that dependencies or services managed by a
>>> third party can be a huge risk for developers and clients.
>>> Convenient, easy and cheap to have these things 3rd party managed -
>>> but their issues become everyone's issues.
>>
>> I’ve always heard open source software is better because people can
>> actually find vulnerabilities or back doors in them to report.
>
> And for black hats to find them and exploit them.

Not to mention malicious actors insert back doors into open source
software undetected all of the time - some recent examples:

<https://www.infosecurity-magazine.com/news/backdoor-xz-utils-linux-open-source/>

<https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/>

<https://cyberscoop.com/bootstrap-sass-infected-snyk-rubygems/>

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR