Thousands of iOS apps could be at risk because of an open source vulnerability
The research team at EVA Information Security, a cybersecurity and testing company in Israel, discovered a vulnerability in the open source software CocoaPods that could put applications such as Facebook, TikTok and Netflix on iOS and macOS at risk of attack.
CocoaPods is a widely used dependency manager for software projects written in the Swift and Objective-C programming languages.
A dependency manager is an important tool in the software development process, allowing authentication and cryptographic signing of software packages.
Problems in CocoaPods can therefore negatively affect many pieces of software and web services that depend on it.
According to EVA Information Security, the vulnerability is the result of an incomplete CocoaPods server migration and may have existed since 2014. It left thousands of software library packages no longer linked to their original source, so their origin could not be traced.
This loophole allows attackers to replace the original source code with their own malicious code inside developers' software development tools. Because it went undetected for so long, it is possible that thousands of apps and millions of devices have been exposed over the years.
Hackers can take advantage of the vulnerabilities to install ransomware or other types of malicious code into applications that have access to sensitive user information and harvest it.
Also according to the research team, most iOS and macOS applications are written in Swift and Objective-C, including popular names such as TikTok, Snapchat, LinkedIn, Netflix, Microsoft Teams, Facebook and Messenger. The vulnerability in CocoaPods could therefore affect thousands of applications, and "an attack on the mobile application ecosystem could infect most Apple devices", leaving thousands of organizations exposed.
According to the research team, CocoaPods has now patched these flaws, but the fact that they went undetected for nearly a decade is a cause for concern. The group recommends that developers review their product source code to determine whether their software is affected.
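One practical starting point for the review the researchers recommend is an inventory of every pod a project pulls in and where each one comes from. The script below is an added example, not code from EVA Information Security or the CocoaPods project; it assumes the usual Podfile.lock layout (PODS, SPEC REPOS, EXTERNAL SOURCES and SPEC CHECKSUMS sections) and works on a constructed sample lock file, flagging pods fetched from outside the trunk spec repo, pods with no recorded spec source, and pods with no spec checksum to diff against later.

```python
import re

# Constructed sample Podfile.lock (CocoaPods lock-file layout as assumed here); not from the article.
SAMPLE_LOCK = """\
PODS:
  - AFNetworking (4.0.1)
  - ExamplePod (1.2.0)
  - LegacyPod (0.9.0)
  - OrphanPod (2.0.0)
SPEC REPOS:
  trunk:
    - AFNetworking
    - LegacyPod
EXTERNAL SOURCES:
  ExamplePod:
    :git: https://git.example.invalid/ExamplePod.git
SPEC CHECKSUMS:
  AFNetworking: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
  ExamplePod: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
"""

def audit_podfile_lock(text):
    # Returns {pod: [flags]} for pods whose origin or pinning needs a manual look.
    section, repo = None, None
    pods, repos, external, checksums = set(), {}, set(), {}
    for line in text.splitlines():
        if line and not line.startswith(" "):        # top-level section header
            section, repo = line.rstrip(":"), None
            continue
        item = re.match(r"\s+- (\S+)", line)          # "  - Name (1.0)" list entry
        key = re.match(r"^  (\S+):\s*(\S*)$", line)   # "  Name:" or "  Name: value"
        if section == "PODS" and item:
            pods.add(item.group(1).split("/")[0])     # drop subspec suffix
        elif section == "SPEC REPOS" and key:
            repo = key.group(1)                       # e.g. "trunk"
        elif section == "SPEC REPOS" and item:
            repos[item.group(1)] = repo
        elif section == "EXTERNAL SOURCES" and key:
            external.add(key.group(1))                # git/path/podspec-sourced pods
        elif section == "SPEC CHECKSUMS" and key:
            checksums[key.group(1)] = key.group(2)
    report = {}
    for pod in sorted(pods):
        flags = (["external_source"] if pod in external else
                 [] if pod in repos else ["unknown_source"])
        if pod not in checksums:
            flags.append("missing_checksum")          # nothing to diff against later
        if flags:
            report[pod] = flags
    return report
```

Run it over a real project's Podfile.lock by reading the file into `audit_podfile_lock`; every flagged pod is a candidate for checking the podspec and its current ownership by hand.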
Apple has not commented on this serious discovery.