Millions of iPhone apps have been insecure for years

Attackers can access financial information, medical records, and private materials!

Exploit affects nearly 3 million apps built with CocoaPods over the past 10 years

A serious vulnerability in CocoaPods, an open-source data repository widely used by iOS and macOS developers, has put millions of apps at risk, according to research conducted by EVA Information Security. This flaw could allow attackers to access sensitive user data, such as financial information, medical records and proprietary materials.

According to information shared by 9to5Mac, this exploit affects approximately 3 million apps built with CocoaPods over the last 10 years.

A security vulnerability has been hidden for more than a decade

According to EVA Information Security, attackers can use the data for a variety of malicious purposes, including ransomware, fraud, blackmail, and corporate espionage. But the warning given to CocoaPods can prevent major consequences:

After EVA researchers privately notified the CocoaPods developers of this vulnerability, the developers deleted all session keys to ensure that no one could access the accounts without control of the registered email address.

The CocoaPods maintainers have also added a new procedure for rescuing old orphaned pods, which requires contacting the maintainers directly. At that point, the author would need to contact the company to take over one of these dependencies.

How can it be solved?

Considering the situation, developers using CocoaPods should update to the latest version. Users are advised to carefully review the permissions they grant to apps and only download apps from trusted sources.

In parallel with the measures taken at CocoaPods, Apple has been notified of the bug and is working on a fix. But until a definitive fix is released, users and developers need to take steps to protect themselves.

This is not the first time…

The latest vulnerability in CocoaPods, which puts millions of iOS and macOS apps at risk, is not an isolated incident.

In 2021, another security issue was already detected in this open source repository. At the time, the vulnerability allowed attackers to run arbitrary code on CocoaPods servers, potentially replacing legitimate packages with malicious versions. This malicious code could have been embedded in iOS and Mac apps, putting user data at risk.

This situation highlights the importance of being constantly vigilant about the security of software development tools. Developers and companies need to take steps to prevent future attacks with stricter security controls, such as regular security audits.


Source: iPadizate
