Millions of iPhone and Mac Apps Left Vulnerable to Security Breach, Reveals Security Firm

Millions of iPhone and Mac Apps Left Vulnerable to Security Breach, Reveals Security Firm

According to a report from ArsTechnica, about three million iPhones and Mac apps are at risk from a security breach, citing research from EVA Information Security.

As a result, this exploit could allow attackers to sneak into the apps, potentially causing serious problems. The vulnerability was discovered in CocoaPods, a tool many developers use when creating apps for Apple devices.

According to what EVA Information Security disclosed, this security breach could let attackers gain access to iPhone or Mac apps and see sensitive information, including credit card details, medical records, and other confidential information. They could later use this data for ransomware, fraud, blackmail, or corporate espionage.

“In the process, it could expose companies to major legal liabilities and reputational risk,” said researchers from EVA Information Security.

The vulnerabilities stemmed from the email verification process used to verify developers of specific CocoaPods. Attackers could change the web address in a verification link to redirect to their malicious server. However, the good news is that CocoaPods has fixed this issue now.

Another issue allowed attackers to take control of abandoned pods that developers had stopped updating but were still used by apps. The interface that allowed developers to reclaim these pods remained active for nearly 10 years after it was first set up.

Researchers discovered that anyone who knew about this interface could use it to gain control over a pod without needing to prove they owned it. Furthermore, there was a third issue in which attackers could run their code on the trunk server.

If the security firm had not discovered and reported these bugs, there might have been worse consequences. However, the only good news is that CocoaPods has now addressed these vulnerabilities.

One thought on “Millions of iPhone and Mac Apps Left Vulnerable to Security Breach, Reveals Security Firm

  • As a developer I absolutely HATED working on any project using CocoaPods. Maybe it was just me but it was always a Royal PITA to get it to behave. Hopefully between this breach and the improvements that we have in Swift Package Manager it will finally be sent off to Silicon Hell where it belongs!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.