Security News > 2024 > July > Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
2024-07-01 16:12
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and
News URL
https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
Related news
- It's only a matter of time before LLMs jump start supply-chain attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)