'Almost every Apple device' vulnerable to CocoaPods supply chain attack | allinfosecnews.com

July 2, 2024, 7:32 a.m. | Brandon Vigliarolo

The Register - Security www.theregister.com

Dependency manager used in millions of apps leaves a bitter taste

CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade – thereby creating opportunities for supply chain attacks on iOS and macOS apps, according to security researchers.…

apple applications apps attack attacks bitter dependency device exposed ios manager millions opportunities packages supply supply chain supply chain attack supply chain attacks swift takeover vulnerable

More from www.theregister.com / The Register - Security

Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown 14 hours ago | www.theregister.com

addresses china cobalt cobalt strike +12

Ransomware scum who hit Indonesian government apologizes, hands over encryption key 17 hours ago | www.theregister.com

actions brain center cipher +12

Traeger security bugs bad news for grillers with neighborly beef 1 day, 6 hours ago | www.theregister.com

bad bad news beef bugs +10

Affirm admits customer info pwned in ransomware raid at Evolve Bank 2 days, 10 hours ago | www.theregister.com

amp bank breach businesses +18

'Almost every Apple device' vulnerable to CocoaPods supply chain attack 2 days, 15 hours ago | www.theregister.com

apple applications apps attack +17

Baddies hijack Korean ERP vendor's update systems to spew malware 2 days, 17 hours ago | www.theregister.com

ahnlab andariel attack backdoor +15

Nasty regreSSHion bug in OpenSSH puts around 700K Linux boxes at risk 3 days, 9 hours ago | www.theregister.com

bug cve cve-2024 glibc +14

Juniper Networks flings out emergency patches for perfect 10 router vuln 3 days, 11 hours ago | www.theregister.com

critical critical vulnerability emergency hot +12

Poyfill.io claims reveal new cracks in supply chain, but how deep do they go? 3 days, 12 hours ago | www.theregister.com

bad bad actors can claims +15

Software Engineer

@ Booz Allen Hamilton | USA, VA, McLean (8283 Greensboro Dr, Hamilton)

View on infosec-jobs.com

SOC Level 1 Engineer

@ Groupon | Remote - India

View on infosec-jobs.com

Senior Technology Auditor (Continuous Process Monitoring)

@ CNA Insurance | US- IL40- Chicago-151N Frankln

View on infosec-jobs.com

Sr. Director, Tech Process Management (ES Risk)

@ Capital One | McLean, VA

View on infosec-jobs.com

AVP, Pre-Sales and Professional Services for Group Benefits & Affinity

@ Manulife | CAN, Ontario, Toronto, 250 Bloor Street East

View on infosec-jobs.com

Software Engineer III

@ Walmart | IN KA BANGALORE Home Office PW II

View on infosec-jobs.com