"Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks"

EVA Information Security, a red teaming company, has disclosed details about three vulnerabilities in the CocoaPods dependency manager that affect millions of macOS and iOS applications. CocoaPods is an open source dependency manager for Swift and Objective-C Cocoa projects that has over 100,000 libraries and is used by about three million applications across the Apple ecosystem. Threat actors could have exploited the critical CocoaPods vulnerabilities to take control of thousands of orphaned packages, execute shell commands, and gain account access, potentially impacting millions of iOS and macOS applications. This article continues to discuss the critical CocoaPods flaws.

SecurityWeek reports "Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks"

Submitted by grigby1
 

Submitted by Gregory Rigby on