
From: Chris <ithinkiam@gmail.com>
Newsgroups: uk.telecom.mobile,misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Almost every iOS & macOS app has had huge
 vulnerabilities for over a decade
Date: Wed, 3 Jul 2024 18:37:23 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 34
Message-ID: <v645p3$2aclh$1@dont-email.me>

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
> Alan Browne <bitbucket@blackhole.com> wrote:
>> On 2024-07-03 02:09, Bill Powell wrote:
>> 
>>> Millions of iOS apps were exposed to security breach found in CocoaPods
>>> https://9to5mac.com/2024/07/02/ios-apps-security-breach-cocoapods/
>>> 
>>> Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain
>>> Attacks 
>>> https://www.securityweek.com/critical-cocoapods-flaws-exposed-many-ios-macos-apps-to-supply-chain-attacks/
>>> 
>>> 'Perfect 10' Apple Supply Chain Bug - Millions of Apps at Risk of CocoaPods
>>> RCE
>>> https://securityboulevard.com/2024/07/cocoapods-apple-vulns-richixbw/
>>> 
>>> CocoaPods flaws left iOS, macOS apps open to supply-chain attack
>>> https://www.csoonline.com/article/2512935/cocoapods-flaws-left-ios-macos-apps-open-to-supply-chain-attack.html
>> 
>> I scanned those quickly and don't see any mention that the vulnerability 
>> was actually exploited.  Hope it wasn't.
>> 
>> Good thing CocoaPods have fixed the issue.
>> 
>> It is another indication that dependencies or services managed by a 
>> third party can be a huge risk for developers and clients.  Convenient, 
>> easy and cheap to have these things 3rd party managed - but their issues 
>> become everyone's issues.
>> 
> 
> I’ve always heard open source software is better because people can
> actually find vulnerabilities or back doors in them to report. 

And for black hats to find them and exploit them.