Path: ...!feeds.phibee-telecom.net!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: badgolferman <REMOVETHISbadgolferman@gmail.com>
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.apps
Subject: Re: Orphaned CodoPods are found in Apple software
Date: Sat, 6 Jul 2024 20:19:32 -0000 (UTC)
Message-ID: <v6c8sk$9fdv$1@solani.org>
References: <v6brna$16iit$1@news.samoylyk.net> <rzeiO.8448$pVB9.6500@fx34.iad> <v6c85a$17bja$1@news.samoylyk.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 6 Jul 2024 20:19:32 -0000 (UTC)
Injection-Info: solani.org; logging-data="310719"; mail-complaints-to="abuse@news.solani.org"
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha1:PjsxwfF4WIJyW/HNPqLw/EKaUT0= sha1:8BlGVRUTaAzsZiwLdvQw4C60x+k=
X-User-ID: eJwFwQkBgAAIA8BKvAPjCLL+EbxLh2IrkIhkkmNkqsXZ9OlmtNi7cW2orzmPS0HCsAc/T/miqLO6bl3+A1F1FP8=
Bytes: 2405
Lines: 29

Wolf Greenblatt <wolf@greenblatt.net> wrote:
> On Sat, 6 Jul 2024 12:48:23 -0400, Alan Browne wrote:
>
>> ... been asleep most of the week, huh?
>
> How did you find out about this new hole found in millions of mac/iOS apps?
>
> I was looking up Swift documentation for a project when all the hits by
> reverse date shows up to be about this vulnerability for mac/iOS apps.
>
> https://forums.appleinsider.com/discussion/236916/vulnerabilities-found-in-swift-repository-left-millions-of-iphone-apps-exposed
> The open-source Swift and Objective-C repository, CocoaPods, had multiple
> vulnerabilities that left millions of iOS and macOS apps exposed for a
> decade
>
> https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
> security flaws were uncovered in the CocoaPods dependency manager for Swift
>
> https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
> CocoaPods is an open source dependency manager for Swift
>
> https://www.techrepublic.com/article/apple-applications-cocoapods-supply-chain-attack/
> CocoaPods is a dependency manager for Swift and Objective-C projects
>
> The holes are so big they can't be avoided but why did Apple not find it?
>

We’re being told it’s not Apple’s job to find security holes in other
people’s dependencies so it’s not their fault.