Article <v6c8sk$9fdv$1@solani.org>

Path: ...!feeds.phibee-telecom.net!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: badgolferman <REMOVETHISbadgolferman@gmail.com>
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.apps
Subject: Re: Orphaned CodoPods are found in Apple software
Date: Sat, 6 Jul 2024 20:19:32 -0000 (UTC)
Message-ID: <v6c8sk$9fdv$1@solani.org>
References: <v6brna$16iit$1@news.samoylyk.net>
 <rzeiO.8448$pVB9.6500@fx34.iad>
 <v6c85a$17bja$1@news.samoylyk.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 6 Jul 2024 20:19:32 -0000 (UTC)
Injection-Info: solani.org;
	logging-data="310719"; mail-complaints-to="abuse@news.solani.org"
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha1:PjsxwfF4WIJyW/HNPqLw/EKaUT0= sha1:8BlGVRUTaAzsZiwLdvQw4C60x+k=
X-User-ID: eJwFwQkBgAAIA8BKvAPjCLL+EbxLh2IrkIhkkmNkqsXZ9OlmtNi7cW2orzmPS0HCsAc/T/miqLO6bl3+A1F1FP8=
Bytes: 2405
Lines: 29

Wolf Greenblatt <wolf@greenblatt.net> wrote:
> On Sat, 6 Jul 2024 12:48:23 -0400, Alan Browne wrote:
> 
>> ... been asleep most of the week, huh?
> 
> How did you find out about this new hole found in millions of Mac/iOS apps?
> 
> I was looking up Swift documentation for a project when all the hits by
> reverse date showed up to be about this vulnerability for Mac/iOS apps.
> 
> https://forums.appleinsider.com/discussion/236916/vulnerabilities-found-in-swift-repository-left-millions-of-iphone-apps-exposed
> The open-source Swift and Objective-C repository, CocoaPods, had multiple
> vulnerabilities that left millions of iOS and macOS apps exposed for a
> decade
> 
> https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
> security flaws were uncovered in the CocoaPods dependency manager for Swift 
> 
> https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
> CocoaPods is an open source dependency manager for Swift
> 
> https://www.techrepublic.com/article/apple-applications-cocoapods-supply-chain-attack/
> CocoaPods is a dependency manager for Swift and Objective-C projects
> 
> The holes are so big they can't be avoided but why did Apple not find it?
> 

We’re being told it’s not Apple’s job to find security holes in other
people’s dependencies, so it’s not their fault.