Israeli cybersecurity and testing company EVA Information Security has discovered a bug in Cocoapods, a widely used dependency manager for software projects coded in the Swift and Objective-C programming languages.
Dependency Manager is an important tool in software development, allowing for the validation and cryptographic signing of software packages. Therefore, a problem with such a tool can have a negative impact on many parts of the software or web.
According to EVA Information Security, the issue may have existed since 2014, and is the result of a botched Cocoapods server migration that left thousands of software library packages unlinked to their original source files and unable to trace their origins. This is a loophole that allows attackers to replace the original source code with their own malicious code.
"Due to system security shortcomings, these packages can be hijacked by bad guys and then used to inject malware into software development tools for developers. Because they were not detected for a long time, it means that thousands of applications and millions of devices have been exposed over the years," the company's representative stated.
With many apps having access to sensitive user information like credit cards, medical records, private documents, hackers can exploit vulnerabilities, install ransomware or other types of malware to collect them.
EVA Information Security believes that Apple is "at the center of the mess" when most iOS and macOS applications are coded in Swift and Objective-C languages, including popular names such as TikTok, Snapchat, LinkedIn, Netflix, Microsoft Teams, Facebook, Messenger.
As a result, thousands of apps on these platforms could be affected. An attack on the mobile app ecosystem could infect most Apple devices, leaving thousands of organizations vulnerable financially and reputationally.
The bugs have reportedly been patched by Cocoapods, but the fact that they went undiscovered for nearly a decade is a cause for concern. EVA Information Security recommends that developers review their product's source code to determine if their software is vulnerable.
Apple has not yet commented on the news.
Source: https://kinhtedothi.vn/canh-bao-lo-hong-nguy-hiem-tan-cong-he-dieu-hanh-ios.html
![[Photo] Ceremony to welcome General Secretary and President of China Xi Jinping on State visit to Vietnam](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/4/14/5318f8c5aa8540d28a5a65b0a1f70959)
![[Photo] Hanoi people warmly welcome Chinese General Secretary and President Xi Jinping on his State visit to Vietnam](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/4/14/d6ac6588b9324603b1c48a9df14d620c)
![[Photo] General Secretary To Lam holds talks with General Secretary and President of China Xi Jinping](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/4/14/b3d07714dc6b4831833b48e0385d75c1)
![[Photo] Prime Minister Pham Minh Chinh chairs conference to review the implementation of Resolution No. 18-NQ/TW](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/4/14/dcdb99e706e9448fb3fe81fec9cde410)
Comment (0)