According to the latest reports from foreign media, approximately 3 million iOS and macOS applications worldwide face serious security risks. The root cause lies in three serious security vulnerabilities discovered in CocoaPods, a well-known open source dependency manager. If malicious attackers exploit these vulnerabilities, they could insert malicious code into these mainstream applications, posing a potential threat to the majority of users.
CocoaPods, an open source repository for Swift and Objective-C projects, has always been favored by developers. Through it, developers can easily add and manage various external libraries (pods). However, these security flaws have plunged the platform into an unprecedented crisis.
It is reported that there are more than 100,000 pods on the CocoaPods platform, and they have been used by more than 3 million applications, including well-known applications such as Instagram, Slack, Airbnb, Tinder and Uber. The user base of these applications is huge, and if they are attacked, the consequences will be disastrous.
After discovering these vulnerabilities, the E.V.A Information Security research team quickly published blog posts to disclose them. Researchers Reef Spektor and Eran Vaknin on the team said that these vulnerabilities give attackers an opportunity to implant malicious code into these applications without user consent.
Alon Boxiner, CEO and co-founder of E.V.A, said: "The impact of these vulnerabilities is staggering. Due to the huge use of CocoaPods, we can't even accurately count how many applications are affected." He urged developers to update and fix these vulnerabilities as soon as possible to ensure user safety. Currently, CocoaPods officials are aware of the seriousness of the problem and are actively seeking solutions.