CocoaPods: Almost every Apple device vulnerable to flaws in dependency manager

Flaws were patched last October, having existed for 9 years

John Leonard

CocoaPods, an open-source dependency manager used in over three million applications, has been found to contain several vulnerabilities that could allow malicious actors to claim ownership of thousands of unclaimed "pods" (libraries) and insert malicious code into many popular iOS and macOS apps, according to a report by EVA Security.

So ubiquitous is CocoaPods that, by exploiting these vulnerabilities, an attacker could potentially infect almost every Apple device, the researchers said. CocoaPods is a dependency manager for ...
