From: Chris <ithinkiam@gmail.com>
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.apps
Subject: Re: Orphaned CodoPods are found in Apple software
Date: Mon, 8 Jul 2024 08:06:48 -0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <v6g6mo$pqjo$1@dont-email.me>

Wolf Greenblatt <wolf@greenblatt.net> wrote:
> On Sun, 7 Jul 2024 07:37:29 -0400, Alan Browne wrote:
>
>>> Isn't Swift touted to be "safe by design" on Apple's own corporate web pages?
>>
>> You have 0 understanding of 3rd party toolchains and 3rd party code bases.
>
> Probably very true. All I know is researchers found a flaw in millions of
> mac/iOS apps and Apple didn't find that same flaw even after a decade.

The point that's being missed is that no-one else spotted it either.
Despite existing for so long it was never exploited.

This was specifically an error on the side of the people managing the
CocoaPods library. They should not have left orphan accounts open
indefinitely.

> Shouldn't Apple care that millions of mac/iOS apps are vulnerable?

*were* vulnerable. It was fixed last year. It has only been reported
recently for obvious reasons.

> The reports say that essentially every Apple owner is affected.

*was* (theoretically) affected. No-one was actually affected.

> So why wouldn't Apple care to do what researchers did, only 10 years ago?

They do care, but the software ecosystem is very complex and Apple cannot
monitor every third party system developers around the world use.

You can guarantee they have been looking at this very carefully to see what
they can learn. Obviously being a secretive company we'll never know what
they've changed in response.