XPost: uk.telecom.mobile, misc.phone.mobile.iphone, comp.sys.mac.system   
   From: jollyroger@pobox.com   
      
   On 2024-07-03, Chris wrote:   
   > Peter wrote:   
   >> A near inconceivable number of Apple iPhone & macOS apps have been   
   >> exposed to critical vulnerabilities in a popular dependency manager   
   >> for over 10 years such that over three million CocoaPods-built iOS
   >> and macOS apps have been vulnerable for over a decade, unbeknownst to   
   >> Apple & its test teams.   
   >   
   > This is very concerning, however the bit you omitted is that these   
   > vulnerabilities were patched late last year.   
   >   
   > The most important thing people can do is keep their apps and iOS up   
   > to date. And maybe reconsider using apps that haven't been updated   
   > since October 2023.   
   >   
   > It's also worth mentioning that this was a vulnerability explicitly   
   > possible because of the open source model. Had CocoaPods not been   
   > available on GitHub it would have been possible to exploit as easily
   > or at all.   
      
   Such level-headed nuance is to be ignored, because: troll.   
      
   --   
   E-mail sent to this address may be devoured by my ravenous SPAM filter.   
   I often ignore posts from Google. Use a real news client instead.   
      
   JR   
      