Thousands of iOS apps could be at risk because of an open source vulnerability
The research team at EVA Information Security, a cybersecurity and testing company in Israel, discovered a vulnerability in the open source software CocoaPods that could put iOS and macOS applications such as Facebook, TikTok and Netflix at risk of attack.
CocoaPods is a widely used dependency manager for software projects written in the Swift and Objective-C programming languages.
A dependency manager is an important tool in the software development process, allowing authentication and cryptographic signing of software packages.
Therefore, problems with CocoaPods will negatively affect many parts of the software or the web.
According to EVA Information Security, the vulnerability is the result of an uneven CocoaPods server migration process and may have existed since 2014. The migration left thousands of software library packages no longer linked to their original files, with an origin that could not be traced.
This loophole allows attackers to substitute their own malicious code for the original source code in developers' software development tools. Because it went undetected for so long, it's possible that thousands of apps and millions of devices have been exposed over the years.
Hackers can take advantage of the vulnerability to install ransomware or other types of malicious code in applications that have access to sensitive user information, and to collect that information.
Also according to the research team, most iOS and macOS applications are written in Swift and Objective-C, including popular names such as TikTok, Snapchat, LinkedIn, Netflix, Microsoft Teams, Facebook and Messenger. Therefore, the vulnerability in the open source software CocoaPods could affect thousands of applications, and "an attack on the mobile application ecosystem could infect most Apple devices, leaving thousands of organizations affected."
According to the research team, CocoaPods has now patched the above errors. But the fact that they went undetected for nearly a decade is a cause for concern. The group recommends that developers review their product source code to determine whether the software has been contaminated.
Apple has not commented on this serious discovery.
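One starting point for the review recommended above, as an added example that is not from EVA Information Security or the CocoaPods project: compare two revisions of a project's `Podfile.lock` and flag pods that are new, or whose podspec checksum changed while the version stayed the same. The lockfile contents and pod names are constructed; a flagged pod is a prompt for manual review, not proof of tampering.

```ruby
# Added example: constructed Podfile.lock revisions; pod names are hypothetical.
OLD_LOCK = <<~LOCK
  PODS:
    - ExampleNet (5.8.0)
    - ExampleUI/Core (2.0.0):
      - ExampleNet (~> 5.0)

  SPEC CHECKSUMS:
    ExampleNet: 1111111111111111111111111111111111111111
    ExampleUI: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
LOCK
NEW_LOCK = <<~LOCK
  PODS:
    - ExampleNet (5.8.0)
    - ExampleTrack (0.1.0)
    - ExampleUI/Core (2.1.0):

  SPEC CHECKSUMS:
    ExampleNet: 2222222222222222222222222222222222222222
    ExampleTrack: cccccccccccccccccccccccccccccccccccccccc
    ExampleUI: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
LOCK

# Parse line by line instead of as YAML, so an all-digit checksum stays a string.
def parse_lock(text)
  versions, checksums, section = {}, {}, nil
  text.each_line(chomp: true) do |line|
    if line =~ /\A([A-Z][A-Z ]*):/                       # top-level section header
      section = $1
    elsif section == 'PODS' && line =~ /\A  - "?([^\s"\/]+)[^\s"]*"? \(([^)]+)\)/
      versions[$1] ||= $2                                # root pod name => resolved version
    elsif section == 'SPEC CHECKSUMS' && line =~ /\A  "?([^":]+)"?: ([0-9a-f]+)\z/
      checksums[$1] = $2                                 # root pod name => podspec checksum
    end
  end
  [versions, checksums]
end

# Returns [pod, reason] pairs worth a manual look before the new lockfile is trusted.
def lock_drift(old_text, new_text)
  old_v, old_c = parse_lock(old_text)
  new_v, new_c = parse_lock(new_text)
  new_c.map do |pod, sum|
    if !old_c.key?(pod)
      [pod, :new_pod]
    elsif old_c[pod] != sum && old_v[pod] == new_v[pod]
      [pod, :checksum_changed_same_version]
    end
  end.compact
end
```

In practice the two inputs would be the committed `Podfile.lock` and the one produced by a fresh install; a version bump with a new checksum (ExampleUI here) is expected and is not flagged.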