Millions of iOS and macOS apps have been exposed to a security breach that could be used for potential supply-chain attacks, says an ArsTechnica report based on research by EVA Information Security. The exploit was found in CocoaPods, an open-source repository used by many popular apps developed for Apple platforms.
Exploit found in CocoaPods affected iOS and macOS apps
According to the report, around 3 million iOS and macOS apps that were built with CocoaPods have been vulnerable for around 10 years. For those unfamiliar, CocoaPods makes it easy for developers to integrate third-party code into their apps through open-source libraries. When a library is updated, apps using it automatically get the latest updates.
EVA Information Security revealed that the exploit could lead attackers to access sensitive app data such as credit card details, medical records, and private material. The data could be used for a number of malicious purposes, including…
Source 9to5mac.com