News
CocoaPods maintainers disclosed and patched the vulnerabilities last October. At the time, they said they weren’t aware of any active attempts to exploit the vulnerabilities.
CocoaPods’ developers did not immediately respond to CSOonline’s request for comment. Developers are advised to review dependency lists and package managers used in their applications, ...
The CocoaPods vulnerabilities are a good reminder to developers and DevOps teams not to forget about dependency managers, which could be a potential weak link in supply chain security.
The open-source Swift and Objective-C repository, CocoaPods, had multiple vulnerabilities that left millions of iOS and macOS apps exposed to potential attacks for a decade, but it is now patched.
The exploit was found in CocoaPods, an open-source repository used by many popular apps developed for Apple platforms. Exploit found in CocoaPods affected iOS and macOS apps.
An example of a popular app that uses CocoaPods is Signal, a privacy-focused messaging app. A carefully planned attack against one of the dependencies used by Signal could potentially expose user ...
The CocoaPods team patched the vulnerabilities in the CocoaPods dependency manager after E.V.A researchers reported them to the open-source project earlier this year.