Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Jolly Roger <jollyroger@pobox.com>
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.apps
Subject: Re: Orphaned CodoPods are found in Apple software
Date: 8 Jul 2024 14:57:56 GMT
Organization: People for the Ethical Treatment of Pirates
Lines: 24
Message-ID: <lf2d3kF6s7mU2@mid.individual.net>
References: <v6brna$16iit$1@news.samoylyk.net>
 <rzeiO.8448$pVB9.6500@fx34.iad> <v6c85a$17bja$1@news.samoylyk.net>
 <v6c8sk$9fdv$1@solani.org> <letr8cFge14U2@mid.individual.net>
 <v6cjb6$9l4b$1@solani.org> <v6ckup$186t1$1@news.samoylyk.net>
 <v6cl62$qsv$1@dont-email.me> <v6clj5$188a3$1@news.samoylyk.net>
 <i7viO.11484$6eV2.9842@fx12.iad>
 <v6fl4m$21bp$1@nnrp.usenet.blueworldhosting.com>
X-Trace: individual.net XT2Ab1jCkWP02KTLnEAQGQDGf2C0eff6+2SjZTM+OwxWLx3Jrw
Cancel-Lock: sha1:t918PWPVGKnMEC6beStnO7CiAPo= sha256:9nS7Sgu5/lDwuKdzmzNCY9ba+07DlHzkjxkiAPanL7Y=
Mail-Copies-To: nobody
X-Face: _.g>n!a$f3/H3jA]>9pN55*5<`}Tud57>1<n@LQ!aZ7vLO_nWbK~@T'XIS0,oAJcU.qLM
 dk/j8Udo?O"o9B9Jyx+ez2:B<nx(k3EdHnTvB]'eoVaR495,Rv~/vPa[e^JI+^h5Zk*i`Q;ezqDW<
 ZFs6kmAJWZjOH\8[$$7jm,Ogw3C_%QM'|H6nygNGhhl+@}n30Nz(^vWo@h>Y%b|b-Y~()~\t,LZ3e
 up1/bO{=-)
User-Agent: slrn/1.0.3 (Darwin)
Bytes: 2114

On 2024-07-08, Andrew <andrew@spam.net> wrote:
> Alan Browne wrote on Sun, 7 Jul 2024 07:38:54 -0400 :
>
>> As explained:
>> 1. 3rd party tool/code base.
>> 2. Did any malicious code get released this way?  (to trigger Apple's 
>> malicious code detection).
>
> https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection
>
> What kind of ecosystem is so primitive that ANYONE ON THE PLANET could
> modify any of three million iOS/macOS apps at will - whenever they want?
>
> For ten years!

All of them:

https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR