EVA Information Security, a cybersecurity and testing company based in Israel, has disclosed vulnerabilities in CocoaPods, a widely used dependency manager for software projects written in Swift and Objective-C.
Dependency managers are a trust anchor in software development: they resolve, download and verify the third-party packages that a project compiles in, and the build relies on the package registry to serve the code the developer asked for. A flaw in such a tool, or in the service behind it, therefore reaches every application and website built with it, not just one product.

According to EVA Information Security, the problem may have existed since 2014, when a flawed migration of the CocoaPods servers left thousands of library packages without a valid owner record, so that nobody could be traced as responsible for them. These "orphaned" packages could be claimed by anyone, which allowed an attacker to take over a package and replace its original source code with malicious code that every project depending on it would then download.
A company representative stated: "Due to system security flaws, these packages could be hijacked by malicious actors and then used to inject malware into software development tools for developers. Because they went undetected for so long, this means thousands of applications and millions of devices have been exposed over the years."
Many of the affected applications have access to sensitive user information such as credit card details, medical records and private documents. An attacker who controls a widely used package can therefore ship ransomware or data-stealing malware inside otherwise legitimate apps and harvest that information at scale.
EVA Information Security argues that Apple is "at the center of the mess" as the majority of iOS and macOS applications are coded using Swift and Objective-C, including popular names like TikTok, Snapchat, LinkedIn, Netflix, Microsoft Teams, Facebook, and Messenger.
Thousands of applications on these platforms could therefore be affected. A successful attack on the mobile app ecosystem could reach a large share of Apple devices, exposing thousands of organisations to financial and reputational damage.
Reportedly, these vulnerabilities have now been patched by CocoaPods, but the fact that they went undetected for nearly a decade is concerning, and a patch on the server does not undo a package that was already replaced. EVA Information Security advises developers to review their products to determine whether they are affected: in practice that means auditing the dependency list the build actually resolved (the project's Podfile and Podfile.lock), checking that each pod still comes from the repository it originally came from, and treating any change in a pod's podspec checksum that is not explained by a version change as suspicious.
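The audit described above can be scripted. The following is an added example, not tooling from EVA Information Security or from the CocoaPods project; it relies only on the documented layout of Podfile.lock (a `PODS` list of `Name (version)` entries and a `SPEC CHECKSUMS` map of pod name to the SHA-1 of the resolved podspec) and compares two snapshots of the lockfile. The two lockfiles and all checksums in it are constructed sample data, not real pods' values.

```python
"""Audit two CocoaPods Podfile.lock snapshots for upstream podspec drift.

Added example (not EVA Information Security's or CocoaPods' own tooling).
SPEC CHECKSUMS records the SHA-1 of the podspec CocoaPods resolved for each
pod. If a later `pod install` yields a different checksum for the *same*
version, the podspec was changed upstream after publication, which is what
a hijacked or republished pod looks like in the lockfile. Version bumps are
flagged for review; new and removed pods are reported for inventory.
"""
import re

POD_LINE = re.compile(r"^  - (?P<name>[^ (]+) \((?P<version>[^)]+)\)")
CHECKSUM_LINE = re.compile(r"^  (?P<name>[^:]+): (?P<sha>[0-9a-fA-F]+)$")


def parse_lockfile(text):
    """Return ({pod: version}, {pod: checksum}) from Podfile.lock text.

    Subspecs such as Firebase/Core are folded into their root pod, because
    SPEC CHECKSUMS is keyed by root pod name. Indented sub-dependencies
    (four spaces) are ignored; only top-level PODS entries are recorded.
    """
    versions, checksums = {}, {}
    section = None
    for line in text.splitlines():
        if line and not line.startswith(" "):
            section = line.rstrip(":")  # top-level header such as "PODS:"
            continue
        if section == "PODS":
            m = POD_LINE.match(line)
            if m:
                root = m.group("name").split("/")[0]
                versions.setdefault(root, m.group("version"))
        elif section == "SPEC CHECKSUMS":
            m = CHECKSUM_LINE.match(line)
            if m:
                checksums[m.group("name")] = m.group("sha").lower()
    return versions, checksums


def audit(old_text, new_text):
    """Compare two lockfiles; return a list of (severity, pod, message)."""
    old_v, old_c = parse_lockfile(old_text)
    new_v, new_c = parse_lockfile(new_text)
    findings = []
    for pod in sorted(set(old_v) | set(new_v)):
        if pod not in old_v:
            findings.append(("info", pod, f"new dependency {new_v[pod]}"))
        elif pod not in new_v:
            findings.append(("info", pod, f"removed (was {old_v[pod]})"))
        elif old_v[pod] != new_v[pod]:
            findings.append(("review", pod, f"version {old_v[pod]} -> {new_v[pod]}"))
        elif old_c.get(pod) != new_c.get(pod):
            # Same version, different podspec: the spec was altered upstream.
            findings.append(("alert", pod, f"same version {old_v[pod]} but podspec checksum changed"))
    for pod, sha in new_c.items():
        if len(sha) != 40:  # CocoaPods writes a 40-hex-digit SHA-1
            findings.append(("alert", pod, f"checksum is not a 40-hex SHA-1: {sha}"))
    return findings


# Constructed sample lockfiles; pod names are real projects, checksums are not.
OLD_LOCK = """PODS:
  - Alamofire (5.6.4)
  - Firebase/Core (10.0.0):
    - Firebase/CoreOnly
    - FirebaseAnalytics (~> 10.0.0)
  - Firebase/CoreOnly (10.0.0)
  - FirebaseAnalytics (10.0.0)

SPEC REPOS:
  trunk:
    - Alamofire
    - Firebase
    - FirebaseAnalytics

SPEC CHECKSUMS:
  Alamofire: 4e95d97098eacb88856099c4fc79b526a299e48c
  Firebase: 0b4b0e74b0a9d8f5a7a6e9c3b5e0e7f3f7c5a5a6
  FirebaseAnalytics: 9f3e2c1d0b4a5968778695a4b3c2d1e0f9e8d7c6

COCOAPODS: 1.12.1
"""

NEW_LOCK = """PODS:
  - Alamofire (5.7.1)
  - Firebase/Core (10.0.0):
    - Firebase/CoreOnly
    - FirebaseAnalytics (~> 10.0.0)
  - Firebase/CoreOnly (10.0.0)
  - FirebaseAnalytics (10.0.0)
  - Lottie (4.2.0)

SPEC CHECKSUMS:
  Alamofire: a1b2c3d4e5f60718293a4b5c6d7e8f9012345678
  Firebase: ffffffffffffffffffffffffffffffffffffffff
  FirebaseAnalytics: 9f3e2c1d0b4a5968778695a4b3c2d1e0f9e8d7c6
  Lottie: 0123456789abcdef0123456789abcdef01234567

COCOAPODS: 1.12.1
"""


def run_sample():
    """Audit the constructed snapshots; Firebase is the hijack-shaped finding."""
    return audit(OLD_LOCK, NEW_LOCK)


if __name__ == "__main__":
    for severity, pod, msg in run_sample():
        print(f"[{severity}] {pod}: {msg}")
```

Run it against the committed Podfile.lock and a freshly regenerated one; an `alert` for a pod whose version did not move is the case to investigate, because a legitimate maintainer publishes a new version rather than rewriting an existing podspec in place.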
Apple has not yet commented on the news.
Source: https://kinhtedothi.vn/canh-bao-lo-hong-nguy-hiem-tan-cong-he-dieu-hanh-ios.html