Decade-long CocoaPods vulnerabilities exposed Apple users to potential security risks

02-July-24

Security researchers at E.V.A Information Security Ltd. have exposed decade-long vulnerabilities in CocoaPods, a dependency manager for macOS and iOS apps; the flaws have now been patched. CocoaPods, used in over 3 million apps, simplifies integrating third-party libraries but had flaws that allowed attackers to claim unclaimed pods and insert malicious code. This could have compromised nearly every Apple device and posed significant risks to organizations. The vulnerabilities, which included potential remote code execution, have been fixed, and developers are urged to verify dependencies and update their COCOAPODS_TRUNK_TOKEN to enhance security.
