Attackers could access financial information, medical records and private material!
A serious vulnerability in CocoaPods, an open-source repository widely used by iOS and macOS developers, puts millions of apps at risk, according to a study conducted by EVA Information Security. This flaw could allow attackers to access sensitive user data, such as financial information, medical records and private documents.
According to information shared by 9to5Mac, the exploit affects approximately 3 million apps built with CocoaPods over the past 10 years.
Security flaw has been hidden for over a decade
According to EVA Information Security, attackers could use the data for a variety of malicious purposes, including ransomware, fraud, blackmail, and industrial espionage. However, alerting CocoaPods could prevent major consequences:
After EVA researchers privately informed CocoaPods developers of the vulnerability, they removed all session keys to ensure that no one could access the accounts without first having control of the registered email address.
CocoaPods maintainers have also added a new procedure for recovering old orphaned pods that requires contacting the maintainers directly. At this point, an author would need to contact the company to take over one of these dependencies.
How can we solve it?
Considering the situation, developers using CocoaPods should update to the latest version. Users are encouraged to carefully review the permissions they grant to apps and only download apps from trusted sources.
Alongside the measures taken by CocoaPods, Apple has been informed of the flaw and is working on a fix. However, until a definitive fix is released, users and developers should take steps to protect themselves.
It is not the first time…
The recent CocoaPods security breach, which put millions of iOS and macOS apps at risk, is not an isolated incident.
In 2021, another security issue had already been detected in this open source repository. At the time, the vulnerability allowed attackers to execute arbitrary code on CocoaPods servers, giving them the ability to replace legitimate packages with malicious versions. This malicious code could have been introduced into iOS and Mac apps, putting user data at risk.
This situation underlines the importance of maintaining constant vigilance over the security of software development tools. Developers and businesses should take steps to prevent future attacks through stricter security controls, such as regular security audits.