Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.apps > #47125

Re: Orphaned CodoPods are found in Apple software

From badgolferman <REMOVETHISbadgolferman@gmail.com>
Newsgroups misc.phone.mobile.iphone, comp.sys.mac.apps
Subject Re: Orphaned CodoPods are found in Apple software
Date 2024-07-06 20:19 +0000
Message-ID <v6c8sk$9fdv$1@solani.org> (permalink)
References <v6brna$16iit$1@news.samoylyk.net> <rzeiO.8448$pVB9.6500@fx34.iad> <v6c85a$17bja$1@news.samoylyk.net>

Cross-posted to 2 groups.

Show all headers | View raw

Wolf Greenblatt <wolf@greenblatt.net> wrote:
> On Sat, 6 Jul 2024 12:48:23 -0400, Alan Browne wrote:
> 
>> ... been asleep most of the week, huh?
> 
> How did you find out about this new hole found in millions of mac/iOs apps?
> 
> I was looking up Swift documentation for a project when all the hits by
> reverse date shows up to be about this vulnerability for mac/iOS apps.
> 
> https://forums.appleinsider.com/discussion/236916/vulnerabilities-found-in-swift-repository-left-millions-of-iphone-apps-exposed
> The open-source Swift and Objective-C repository, CocoaPods, had multiple
> vulnerabilities that left millions of iOS and macOS apps exposed for a
> decade
> 
> https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
> security flaws were uncovered in the CocoaPods dependency manager for Swift 
> 
> https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
> CocoaPods is an open source dependency manager for Swift
> 
> https://www.techrepublic.com/article/apple-applications-cocoapods-supply-chain-attack/
> CocoaPods is a dependency manager for Swift and Objective-C projects
> 
> The holes are so big they can't be avoided but why did Apple not find it?
> 

We’re being told it’s not Apple’s job to find security holes in other
peoples dependencies so it’s not their fault.

Back to comp.sys.mac.apps | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-06 12:34 -0400
  Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-06 12:48 -0400
    Re: Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-06 16:07 -0400
      Re: Orphaned CodoPods are found in Apple software badgolferman <REMOVETHISbadgolferman@gmail.com> - 2024-07-06 20:19 +0000
        Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-06 21:28 +0000
          Re: Orphaned CodoPods are found in Apple software badgolferman <REMOVETHISbadgolferman@gmail.com> - 2024-07-06 23:17 +0000
            Re: Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-06 19:45 -0400
              Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-06 16:49 -0700
                Re: Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-06 19:56 -0400
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-07 02:04 +0000
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-06 22:19 -0700
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-07 07:38 -0400
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-08 14:57 +0000
                Re: Orphaned CodoPods are found in Apple software Andrew <andrew@spam.net> - 2024-07-08 21:04 +0000
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-08 17:29 -0700
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-09 08:08 -0400
                Re: Orphaned CodoPods are found in Apple software Andrew <andrew@spam.net> - 2024-07-08 03:07 +0000
              Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-07 02:02 +0000
              Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-07 07:37 -0400
                Re: Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-07 15:06 -0400
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-07 12:07 -0700
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-07 19:30 +0000
                Re: Orphaned CodoPods are found in Apple software Silvano <Silvano@noncisonopernessuno.it> - 2024-07-07 16:37 -0400
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-07 14:20 -0700
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-07 17:53 -0400
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-08 00:13 +0000
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-08 14:57 +0000
                Re: Orphaned CodoPods are found in Apple software Andrew <andrew@spam.net> - 2024-07-08 03:06 +0000
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-07 17:51 -0400
                Re: Orphaned CodoPods are found in Apple software Chris <ithinkiam@gmail.com> - 2024-07-08 08:06 +0000
                Re: Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-08 16:58 -0400
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-08 17:32 -0700
                Re: Orphaned CodoPods are found in Apple software Chris <ithinkiam@gmail.com> - 2024-07-09 11:56 +0100
                Re: Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-09 09:29 -0400
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-09 15:20 +0000
                Re: Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-09 12:42 -0400
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-09 10:49 -0700
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-09 18:27 +0000
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-10 19:12 -0400
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-09 18:25 +0000
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-09 09:00 -0700
                Re: Orphaned CodoPods are found in Apple software Chris <ithinkiam@gmail.com> - 2024-07-09 21:35 +0000
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-09 08:07 -0400
                Re: Orphaned CodoPods are found in Apple software Wolf Greenblatt <wolf@greenblatt.net> - 2024-07-09 09:26 -0400
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-09 09:03 -0700
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-09 12:51 -0400
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-09 12:48 -0400
                Re: Orphaned CodoPods are found in Apple software GLOBUS <odilo.globocnik@schutzstaffel.de> - 2024-07-16 23:33 -0400
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-17 14:37 -0400
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-18 18:57 -0400
                Re: Orphaned CodoPods are found in Apple software GLOBUS <odilo.globocnik@schutzstaffel.de> - 2024-07-18 20:14 -0400
                Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-19 10:42 -0400
            Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-07 02:01 +0000
              Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-08 12:45 -0700
              Re: Orphaned CodoPods are found in Apple software Andrew <andrew@spam.net> - 2024-07-08 02:32 +0000
                Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-08 14:59 +0000
                Re: Orphaned CodoPods are found in Apple software Andrew <andrew@spam.net> - 2024-07-08 20:51 +0000
                Re: Orphaned CodoPods are found in Apple software Alan <nuh-uh@nope.com> - 2024-07-08 13:53 -0700
      Re: Orphaned CodoPods are found in Apple software Alan Browne <bitbucket@blackhole.com> - 2024-07-06 16:20 -0400
      Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-06 21:28 +0000
        Re: Orphaned CodoPods are found in Apple software Andrew <andrew@spam.net> - 2024-07-07 02:47 +0000
          Re: Orphaned CodoPods are found in Apple software Jolly Roger <jollyroger@pobox.com> - 2024-07-07 03:21 +0000
            Re: Orphaned CodoPods are found in Apple software Andrew <andrew@spam.net> - 2024-07-07 06:33 +0000

csiph-web