From: Jolly Roger
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,uk.telecom.mobile
Subject: Re: Almost every iOS & macOS app has had huge vulnerabilities for over a decade
Date: 3 Jul 2024 18:39:21 GMT
Organization: People for the Ethical Treatment of Pirates

On 2024-07-03, badgolferman wrote:
> Alan Browne wrote:
>>
>> I scanned those quickly and don't see any mention that the
>> vulnerability was actually exploited. Hope it wasn't.
>>
>> Good thing CocoaPods have fixed the issue.
>>
>> It is another indication that dependencies or services managed by a
>> third party can be a huge risk for developers and clients.
>> Convenient, easy and cheap to have these things 3rd party managed -
>> but their issues become everyone's issues.
>
> I’ve always heard open source software is better because people can
> actually find vulnerabilities or back doors in them to report.

That might be true if people didn't find and fix vulnerabilities in
closed-source software every day.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR