• Re: Almost every iOS & macOS app has had huge vulnerabilities for over

    From Jolly Roger@21:1/5 to Chris on Wed Jul 3 15:46:32 2024
    XPost: uk.telecom.mobile, misc.phone.mobile.iphone, comp.sys.mac.system

    On 2024-07-03, Chris <ithinkiam@gmail.com> wrote:
    > Peter <confused@nospam.net> wrote:
    >> A near inconceivable number of Apple iPhone & macOS apps have been
    >> exposed to critical vulnerabilities in a popular dependency manager
    >> for over 10 years such that over three million CocoaPods-built iOS
    >> and macOS apps have been vulnerable for over a decade, unbeknownst to
    >> Apple & its test teams.
    >
    > This is very concerning; however, the bit you omitted is that these vulnerabilities were patched late last year.
    >
    > The most important thing people can do is keep their apps and iOS up
    > to date. And maybe reconsider using apps that haven't been updated
    > since October 2023.
    >
    > It's also worth mentioning that this was a vulnerability explicitly
    > possible because of the open source model. Had CocoaPods not been
    > available on GitHub it would have been possible to exploit as easily
    > or at all.

    Such level-headed nuance is to be ignored, because: troll.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From david@21:1/5 to Jolly Roger on Wed Jul 3 10:00:22 2024
    XPost: uk.telecom.mobile, misc.phone.mobile.iphone, comp.sys.mac.system

    Using <news:lela2oF7jrrU1@mid.individual.net>, Jolly Roger wrote:

    > Such level-headed nuance is to be ignored

    Except that he was wrong and even if he had been correct for you to advise vulnerabilities in open source code should be ignored is just plain stupid.

  • From Jolly Roger@21:1/5 to david on Wed Jul 3 18:30:47 2024
    XPost: uk.telecom.mobile, misc.phone.mobile.iphone, comp.sys.mac.system

    On 2024-07-03, david <this@is.invalid> wrote:
    > Using <news:lela2oF7jrrU1@mid.individual.net>, Jolly Roger wrote:
    >
    >> Such level-headed nuance is to be ignored
    >
    > Except that he was wrong

    Nothing he said is wrong, and the fact that you trimmed what he said
    from your reply shows what a cowardly troll you are, little Arlen.

    > and even if he had been correct

    He is correct.

    > for you to advise vulnerabilities in open source code should be
    > ignored

    Yet again, you lie - I never said that, which is a matter of record.

    > is just plain stupid.

    Projection from a stupid zealot.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR
