MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
cocoapods
Recherche

CocoaPods flaws left iOS, macOS apps open to supply-chain attack

mardi 2 juillet 2024, 20:28 , par ComputerWorld
Recently patched vulnerabilities in a software dependency management tool used by developers of applications for Apple’s iOS and MacOS platforms, could have opened the door for attackers to insert malicious code into many of the most popular apps on those platforms.

One particular security weakness in the CocoaPods dependency manager created a mechanism for hackers to launch supply chain attacks, security researchers at EVA Information Security warned Monday.

Developers who relied on CocoaPods over recent years should verify the integrity of open source dependencies in their code in response to these security weaknesses, EVA advised.

CocoaPods is an open-source dependency manager for Swift and Objective-C projects. Software developers use the technology to verify the integrity and authenticity of the components they’re using by ensuring the checksums and digital signatures of packages are all present and correct.
Lire la suite sur ComputerWorld
https://www.csoonline.com/article/2512935/cocoapods-flaws-left-ios-macos-apps-open-to-supply-chain-a...

Voir aussi

cocoapods YouTube Investigators Say MSI Exposed 600K+ Warranty Records Via an Open Server Slashdot14 Jul
security Nasty Spoofing Attack Resurrects Internet Explorer Vulnerability in Windows 10 and 11 Slashdot13 Jul
open Source code: The source of truth for securing the API attack surface  BetaNews13 Jul
developers For July, Microsoft’s Patch Tuesday update fixes four zero-day flaws ComputerWorld12 Jul
dependency India Antitrust Body Finds Apple Abused Dominant Position in Apps Market Slashdot12 Jul
apps Indonesia Says It Has Begun Recovering Data After Major Ransomware Attack Slashdot12 Jul
macos SAP's bid to woo open source community meets muted response TheRegister12 Jul
ios Best Windows apps this week BetaNews12 Jul
integrity Test Ultra Open Earbuds : des écouteurs Bose qui n’isolent de rien 01net12 Jul
verify Arm Announces an Open-Source Graphics Upscaler For Mobile Phones Slashdot12 Jul
eva Un projet open source mesure le CO2 émis chaque année par le transport aérien TooLinux12 Jul
attack Le projet open source Vitess passe déjà la 20e TooLinux12 Jul
left “Majority of websites and mobile apps use dark patterns” OS News11 Jul
flaws A man toured an open house and moved in with 4 kids two days later — without buying the home BoingBoing11 Jul
supply-chain Apple agrees to open up Apple Pay in Europe ComputerWorld11 Jul
cocoapods Japanese space agency spotted zero-day attacks while cleaning up attack on M365 TheRegister11 Jul
security Nouveau navigateur web, nouveau moteur open source : voici Ladybird TooLinux11 Jul
open FTC Study Finds 'Dark Patterns' Used By a Majority of Subscription Apps and Websites Slashdot11 Jul
developers AWS App Studio Promises To Generate Enterprise Apps From a Written Prompt Slashdot10 Jul
dependency Maxell launches OWS Pro Open Wireless Earhooks on Amazon BetaNews10 Jul
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 19 sept. - 03:22 CEST