It has always been generally said that Apple is a company that takes care of its customers by having software that prevents all types of threats from entering their devices, whether from their cell phones or from their computers. iPhone even computers Mac which do not usually suffer from these problems. However, not everything is perfect, and recently there was a report in which the company compromised its customers with an oversight that affected many devices and therefore, some applications of the online store.
It has been reported that more than 3 million applications iOS and macOS were exposed to vulnerabilities for years without many realizing it. These undetected flaws left millions of apps susceptible to supply chain attacks for a decade. The vulnerabilities, patched in October last year, were present in a trunk server used to manage CocoaPodsa crucial repository for many programs.
The issue originated in an insecure email verification mechanism used to authenticate pod developers. An attacker could manipulate the verification link URL and redirect it to a server under their control. Another vulnerability allowed attackers to take control of pods abandoned by their developers, using them without requiring proof of ownership. A third allowed attackers to execute code on the trunk server using an RFC822-based verification procedure, exposing applications and their users to significant risks.
The vulnerabilities could have allowed malicious code to be injected into applications, exposing companies to significant legal liabilities and reputational risks. This issue underscores the importance of ongoing security and vigilance in technology systems, even for a company known for its focus on protecting its devices.
Via: Ars Technica
Author’s note: Certainly everyone can make a mistake from time to time, but whether it lasts for years is another matter, and is a concern given the size of the company.
#Apple #neglects #security #millions #devices
