MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
cocoapods
Recherche

CocoaPods flaws left iOS, macOS apps open to supply-chain attack

mardi 2 juillet 2024, 20:28 , par ComputerWorld
Recently patched vulnerabilities in a software dependency management tool used by developers of applications for Apple’s iOS and MacOS platforms, could have opened the door for attackers to insert malicious code into many of the most popular apps on those platforms.

One particular security weakness in the CocoaPods dependency manager created a mechanism for hackers to launch supply chain attacks, security researchers at EVA Information Security warned Monday.

Developers who relied on CocoaPods over recent years should verify the integrity of open source dependencies in their code in response to these security weaknesses, EVA advised.

CocoaPods is an open-source dependency manager for Swift and Objective-C projects. Software developers use the technology to verify the integrity and authenticity of the components they’re using by ensuring the checksums and digital signatures of packages are all present and correct.
https://www.csoonline.com/article/2512935/cocoapods-flaws-left-ios-macos-apps-open-to-supply-chain-a...

Voir aussi

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
mar. 5 nov. - 09:38 CET