About three million iPhone and Mac apps are at risk from a security flaw, according to an Ars Technica report that cites research from EVA Information Security.

The flaw could allow attackers to sneak into the apps, potentially causing serious problems. The vulnerability was discovered in CocoaPods, a tool many developers use when creating apps for Apple devices.

According to what EVA Information Security disclosed, this flaw could let attackers get into iPhone or Mac apps and see sensitive information, including credit card details, medical records, and other confidential data. They could later use this data for ransomware, fraud, blackmail, or corporate espionage.

“In the process, it could expose companies to major legal liabilities and reputational risk,” say researchers from EVA Information Security.

The vulnerabilities stemmed from the email verification process used to verify the developers of specific pods. Attackers could change the web address in a verification link so that it pointed to a malicious server of their own. The good news is that CocoaPods has now fixed this issue.
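A defensive sketch of the verification-link problem described above, added here as an example and not CocoaPods' own code. The page does not say how the address was changed, so the header-derived host in the weak builder, the `/verify/` path and the `trunk.example.test` origin are all assumptions.

```ruby
require "uri"

# Assumption: the service's public origin is fixed in configuration (placeholder host).
CANONICAL_ORIGIN = "https://trunk.example.test"

# Weak pattern (assumed for illustration): the link host is copied from
# request headers, which the client sending the request controls.
def verification_link_from_request(headers, token)
  host = headers["X-Forwarded-Host"] || headers["Host"]
  "https://#{host}/verify/#{token}"
end

# Hardened pattern: the link is built only from the configured origin,
# and the token must match the expected shape before it is embedded.
def verification_link(token)
  raise ArgumentError, "unexpected token format" unless token.match?(/\A[0-9a-f]{32,}\z/)
  URI.join(CANONICAL_ORIGIN, "/verify/#{token}").to_s
end

# Last check before the mail is sent: refuse any link whose scheme, host or
# port differs from the configured origin, or that carries userinfo
# (e.g. "https://trunk.example.test@other-host/...").
def safe_to_send?(link)
  uri = URI.parse(link)
  expected = URI.parse(CANONICAL_ORIGIN)
  uri.is_a?(URI::HTTPS) &&
    uri.host == expected.host &&
    uri.port == expected.port &&
    uri.userinfo.nil?
rescue URI::InvalidURIError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request: the forwarded host disagrees with the real one.
  headers = { "Host" => "trunk.example.test", "X-Forwarded-Host" => "attacker.example.test" }
  token = "0123456789abcdef0123456789abcdef" # constructed sample token

  weak = verification_link_from_request(headers, token)
  strong = verification_link(token)
  puts "weak:   #{weak} safe=#{safe_to_send?(weak)}"
  puts "strong: #{strong} safe=#{safe_to_send?(strong)}"
end
```

The same origin check is useful in mail-sending tests: any template that can emit a link to a host other than the configured one fails before it reaches a developer's inbox.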

Another issue allowed attackers to take control of abandoned pods that developers had stopped updating but were still used by apps. The interface that allowed developers to reclaim these pods was active for nearly 10 years after it was first set up.

Researchers discovered that anyone who knew about this interface could use it to gain control over a pod, without needing to prove they owned it. Furthermore, there was a third issue where attackers could run their code on the trunk server.

Had the security firm not discovered and reported these bugs, there might have been worse consequences. But the only good news so far is that CocoaPods has now addressed these…

