ShiftDelete.net
FOLLOW US

Millions of iOS apps have suffered a security breach: Your personal data could be at risk!

A serious security breach was discovered in iOS and macOS apps. User data is at risk! Let's tell the details.

Millions of iOS apps have suffered a security breach: Your personal data could be at risk!

Millions of iOS and macOS apps are at risk from a vulnerability discovered by EVA Information Security that could be exploited for potential supply chain attacks. The vulnerability was found in CocoaPods, the open source repository where many popular apps are developed.

The vulnerability found in CocoaPods affects nearly 3 million iOS and macOS apps

CocoaPods is an open source library that makes it easy for developers to integrate third-party code into their applications. When a library is updated, apps that use it automatically receive the latest updates.

EVA Information Security revealed that this vulnerability could allow attackers to access sensitive application data such as credit card information, medical records, and even private material. This data can be used for many malicious purposes, including ransomware, fraud, blackmail and corporate espionage. And that’s a serious problem.

Vulnerability and actions taken

The vulnerabilities discovered were related to an insecure email verification mechanism used to verify individual library developers. For example, an attacker could redirect the URL in the verification link to a malicious server. The CocoaPods team has taken steps to fix these vulnerabilities.

After privately reporting the vulnerability to CocoaPods developers, EVA researchers scrubbed all session keys, ensuring that no one could access accounts without a registered email address.

CocoaPods administrators also added a new procedure for recovering old libraries. An author needs to contact the company to take over one of these libraries.

This is not the first time this has happened, in 2021 the project’s administrators confirmed a security issue that allowed CocoaPods repositories to run arbitrary code on the servers that manage them. This security issue could in turn be used to replace existing packages with malicious versions and inject that code into iOS and Mac apps.

Apple is already working on iOS 19: Here are the first details!

Apple is already working on iOS 19: Here are the first details!

Apple has started working on the iOS 19 update codenamed "Luck". New operating system updates are coming in 2025.

EVA researchers advise developers using CocoaPods in their apps to always review CocoaPods libraries and run security scans to detect malicious code in all external libraries.

This vulnerability, which could affect millions of iOS and macOS apps, once again demonstrates the importance of protecting user data. What do you think? Share your thoughts with us in the comments.

Apple
iOS
iPhone

SDN Comments 0 Comments

Comment

ADVERTISEMENT

Related News

Announcement from Nintendo: “Broken Wii U consoles will not be repaired”
Announcement from Nintendo: “Broken Wii U consoles will not be repaired”
Motorola Razr and Razr Plus 2023 finally receive Android update
Motorola Razr and Razr Plus 2023 finally receive Android update
Samsung Galaxy Buds 3 Pro, first appeared!
Samsung Galaxy Buds 3 Pro, first appeared!
3 series on Netflix that have received a perfect 100% score
3 series on Netflix that have received a perfect 100% score

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Co-Founder.Work Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio