Dependency manager used in millions of apps leaves a bitter taste
CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade – thereby creating opportunities for supply chain attacks on iOS and macOS apps, according to security researchers. EVA claims CocoaPods in 2014 migrated all "Pods" – a file describing a project's dependencies – to a new "Trunk server" on GitHub.
CocoaPods authenticates new devices using an email sent to users who request a session, the researchers noted – but authentication doesn't rely on anything beyond the client verifying their email address by clicking a link. Here's where the zero-click comes in: because email scanning services check links to compare them to known phishing templates, the researchers observed that automated tools end up following the link and transmitting the session token on a targeted user's behalf. Oops.
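To make the failure mode concrete, here is an added example (hypothetical code, not CocoaPods' trunk implementation) contrasting the two patterns described above: a session that becomes valid as soon as anything fetches the emailed link, versus one that needs an explicit POST carrying a short code shown only in the requesting terminal, so a mail scanner that follows the URL with a GET cannot complete the login.

```ruby
require 'securerandom'

# Hypothetical in-memory model of an email-verified session flow; not CocoaPods' own code.
class EmailSessionStore
  Session = Struct.new(:token, :email, :user_code, :verified)

  def initialize
    @sessions = {}
  end

  # Start a session. The token goes into the verification email; the user_code is
  # printed only in the requesting client (terminal), so it never travels by email.
  def request_session(email)
    code = format('%06d', SecureRandom.random_number(10**6))
    s = Session.new(SecureRandom.hex(16), email, code, false)
    @sessions[s.token] = s
    s
  end

  # VULNERABLE pattern: a bare GET on the emailed link completes verification.
  # Any automated link fetcher (mail security scanner, link preview) that opens
  # the URL logs the device in without the user doing anything.
  def verify_via_get(token)
    s = @sessions[token]
    return false if s.nil? || s.verified
    s.verified = true
  end

  # HARDENED pattern: the link only lands on a confirmation page; completing
  # verification needs a state-changing POST carrying the user_code that the
  # email never contained, and each token works once.
  def verify(token, method:, user_code:)
    return false unless method == :post
    s = @sessions[token]
    return false if s.nil? || s.verified
    return false unless constant_time_equal?(s.user_code, user_code)
    s.verified = true
  end

  def verified?(token)
    @sessions[token]&.verified == true
  end

  private

  # Compare without leaking where the strings diverge through timing.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A scanner that renders the confirmation page and submits forms would still need the terminal-only code, which is the property the GET-based design lacked.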
The researchers noted that they actually used the method "to take over the owner accounts of some of the most popular CocoaPods packages," which "we could have used … for highly damaging supply chain attacks that could impact the entire Apple ecosystem." "The worst case scenario is that an attacker could have used this technique to get access to our trunk database," Orta Therox, a volunteer on the CocoaPods project, wrote in October.