Over 3 Million iOS and macOS Apps Face Security Risks Due to CocoaPods Vulnerabilities

TapTechNews, July 2: Approximately 3 million iOS and macOS applications are exposed to security risks, and attackers can exploit the vulnerabilities to add malicious code.

E.V.A information security researchers Reef Spektor and Eran Vaknin released a blog post today reporting that 3 security vulnerabilities have been found in the CocoaPods dependency manager, which malicious attackers can use to insert malicious code into mainstream iOS and macOS applications. TapTechNews attaches the vulnerability information as follows:

CVE-2024-38368 (CVSS score: 9.3)

CVE-2024-38367 (CVSS score: 8.2)

CVE-2024-38366 (CVSS score: 10.0)

CocoaPods is a repository of open-source Swift and Objective-C projects, and many developers use CocoaPods to add and manage external libraries (pods).


There are more than 100,000 pods on this platform, and more than 3 million applications use it, including Instagram, X, Slack, Airbnb, Tinder, and Uber.

E.V.A CEO and co-founder Alon Boxiner said: 'The impact of these vulnerabilities is staggering. Due to the huge usage of CocoaPods, we don't even know how to count (the number of affected applications)'.
