• AutoTL;DRB
    link
    fedilink
    English
    95 months ago

    This is the best summary I could come up with:


    Hackers could have added malicious code compromising the security of millions or billions of people who installed them, researchers said Monday.

    The vulnerabilities, which were fixed last October, resided in a “trunk” server used to manage CocoaPods, a repository for open source Swift and Objective-C projects that roughly 3 million macOS and iOS apps depend on.

    “Injecting code into these applications could enable attackers to access this information for almost any malicious purpose imaginable—ransomware, fraud, blackmail, corporate espionage… In the process, it could expose companies to major legal liabilities and reputational risk.”

    The three vulnerabilities EVA discovered stem from an insecure verification email mechanism used to authenticate developers of individual pods.

    This vulnerability, tracked as CVE-2024-38367, resided in the session_controller class of the trunk server source code, which handles the session validation URL.

    The trunk server relies on RFC822 formalized in 1982 to verify the uniqueness of registered developer email addresses and check if they follow the correct format.


    The original article contains 498 words, the summary contains 159 words. Saved 68%. I’m a bot and I’m open source!

    • @NeoNachtwaechter
      link
      English
      -215 months ago

      billions of people

      Macos.

      iOS.

      Billions.

      LMAO!!

      • Rikudou_Sage
        link
        fedilink
        English
        125 months ago

        1.46 billions of iOS users as of 2023. And 100 million MacOS users.

        • 555
          link
          English
          15 months ago

          Could have!!