CocoaPods Security Alert: Critical Bugs Expose Millions of Apps

A recent security analysis discovered critical vulnerabilities in CocoaPods, the widely used dependency management platform for Apple developers. These vulnerabilities pose significant risks to iOS and macOS apps, potentially allowing attackers to compromise user data and system integrity.

Apple CocoaPods Bugs Expose Millions of Apps to Code Injection

CocoaPods is a platform that lets Apple developers add and manage other libraries (called “pods”). It has 100,000+ libraries that are used by over three million apps, including the most popular worldwide.

A brief scan of its website finds bundles for Instagram, X, Slack, Airbnb, Tinder, and Uber, to name a few. This makes the pods excellent targets for hackers and, if the CocoaPods platform contains an underlying, platform-wide vulnerability, makes the platform itself a veritable money pit.

According to research released recently by E.V.A Information Security, the CocoaPods platform has a trio of significant vulnerabilities. The most serious of them, CVE-2024-38366, a remote code execution (RCE) opportunity, received a critical 10 out of 10 CVSS rating. CVE-2024-38368, another notable fault caused by pods without owners, received a critical 9.3, while CVE-2024-38367, a session verification hijacking vulnerability, received an

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
