CocoaPods flaws left iOS, macOS apps open to supply-chain attack

Recently patched vulnerabilities in a software dependency management tool used by developers of applications for Apple’s iOS and MacOS platforms, could have opened the door for attackers to insert malicious code into many of the most popular apps on those platforms.

One particular security weakness in the CocoaPods dependency manager created a mechanism for hackers to launch supply chain attacks, security researchers at EVA Information Security warned Monday.

Developers who relied on CocoaPods over recent years should verify …

apple applications apps attack attackers cocoapods code dependency dependency management developers development libraries and frameworks development tools door flaws ios ios security macos macos security malicious management manager platforms popular security software supply tool vulnerabilities weakness