MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
cocoapods
Search

CocoaPods flaws left iOS, macOS apps open to supply-chain attack

Tuesday July 2, 2024. 08:28 PM , from ComputerWorld
Recently patched vulnerabilities in a software dependency management tool used by developers of applications for Apple’s iOS and MacOS platforms, could have opened the door for attackers to insert malicious code into many of the most popular apps on those platforms.

One particular security weakness in the CocoaPods dependency manager created a mechanism for hackers to launch supply chain attacks, security researchers at EVA Information Security warned Monday.

Developers who relied on CocoaPods over recent years should verify the integrity of open source dependencies in their code in response to these security weaknesses, EVA advised.

CocoaPods is an open-source dependency manager for Swift and Objective-C projects. Software developers use the technology to verify the integrity and authenticity of the components they’re using by ensuring the checksums and digital signatures of packages are all present and correct.
Read more at ComputerWorld
https://www.csoonline.com/article/2512935/cocoapods-flaws-left-ios-macos-apps-open-to-supply-chain-a...

Related News

cocoapods YouTube Investigators Say MSI Exposed 600K+ Warranty Records Via an Open Server SlashdotJul 14
security Nasty Spoofing Attack Resurrects Internet Explorer Vulnerability in Windows 10 and 11 SlashdotJul 13
open Source code: The source of truth for securing the API attack surface  BetaNewsJul 13
developers For July, Microsoft’s Patch Tuesday update fixes four zero-day flaws ComputerWorldJul 12
dependency India Antitrust Body Finds Apple Abused Dominant Position in Apps Market SlashdotJul 12
apps Indonesia Says It Has Begun Recovering Data After Major Ransomware Attack SlashdotJul 12
macos SAP's bid to woo open source community meets muted response TheRegisterJul 12
ios Best Windows apps this week BetaNewsJul 12
integrity Arm Announces an Open-Source Graphics Upscaler For Mobile Phones SlashdotJul 12
verify “Majority of websites and mobile apps use dark patterns” OS NewsJul 11
eva A man toured an open house and moved in with 4 kids two days later — without buying the home BoingBoingJul 11
attack Apple agrees to open up Apple Pay in Europe ComputerWorldJul 11
left Japanese space agency spotted zero-day attacks while cleaning up attack on M365 TheRegisterJul 11
flaws FTC Study Finds 'Dark Patterns' Used By a Majority of Subscription Apps and Websites SlashdotJul 11
supply-chain AWS App Studio Promises To Generate Enterprise Apps From a Written Prompt SlashdotJul 10
cocoapods Maxell launches OWS Pro Open Wireless Earhooks on Amazon BetaNewsJul 10
security She Made $10,000 a Month Defrauding Apps like Uber and Instacart. Meet the Queen of the Rideshare Mafia Wired: Tech.Jul 10
open Critical Windows licensing bugs – plus two others under attack – top Patch Tuesday TheRegisterJul 10
developers BlastRADIUS Attack Exposes Critical Flaw In 30-Year-Old RADIUS Protocol SlashdotJul 9
dependency Security pros use unauthorized SaaS apps despite the risk BetaNewsJul 9
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Sep, Mon 16 - 21:27 CEST