Thousands of iOS apps could be at risk because of an open source vulnerability
The research team of EVA Information Security, a cybersecurity and testing company in Israel, discovered a vulnerability in open source software Cocoapods that could put applications such as Facebook, TikTok, Netflix on iOS and macOS at risk of being attacked. labour.
Cocoapods is a widely used dependency manager for software projects coded in Swift and Objective-C programming languages.
Dependency Manager is an important tool in the software development process, allowing authentication and cryptographic signing of software packages.
Therefore, problems with Cocoapods will negatively affect many parts of the software or the web.
According to EVA Information Security, the vulnerability is the result of an uneven Cocoapods server migration process and may have existed since 2014, causing thousands of software library packages to no longer link to the original file and not origin can be traced.
This loophole allows attackers to replace the original source code with their own malicious code into the developer's software development tools. Because it went undetected for so long, it's possible that thousands of apps and millions of devices have been exposed over the years.
Hackers can take advantage of vulnerabilities to install ransomware or other types of malicious code into applications that have access to sensitive user information and collect them.
Also according to the research team, most iOS and macOS applications are coded in Swift and Objective-C languages, including popular names such as TikTok, Snapchat, LinkedIn, Netflix, Microsoft Teams, Facebook, Messenger . Therefore, the vulnerability in open source software Cocoapods could affect thousands of applications and "an attack on the mobile application ecosystem could infect most Apple devices, causing thousands of organizations to affected position.
According to the research team, Cocoapods has now patched the above errors. But the fact that they have gone undetected for nearly a decade is a cause for concern. The group recommends that developers review their product source code to determine whether the software is contaminated with errors.
Apple has not commented on this serious discovery.
You should read it
- What is open source software?
- What is the difference between open source software and closed source software?
- How to Become an Open Source Enthusiast
- Warning: The number of vulnerabilities in open source software are increasing rapidly
- Can open source technology make money?
- 10 things to know about open source software
- Microsoft unexpectedly shared 60,000 free software patents
- 10 best open source web browsers
- The dominance of open source software (P.1)
- What is source code? Learn about Source Code
- 15 open source tools or to 'manage' Windows
- Cisco Linksys WRT160NL - 'toy' specifically for open source people
Maybe you are interested
Top 5 best sound quality enhancement software for PC
What will the future of AI in creative software look like in 2025?
How to cut MP3 music without using software, export MP3 file
If your PC is running slow after installing antivirus software, here's how to fix it!
How to download Lien Quan Mobile for PC using emulator software
Top 5 best video to mp3 converter software today