Virtually every single Apple device was exposed to vulnerabilities through CocoaPods, with unclaimed pods susceptible to arbitrary code execution, posing a risk of supply chain attacks.
CVE-2024-38368 allowed attackers to claim unclaimed pods by removing the original owners, while CVE-2024-38367 exploited authentication loopholes for full CocoaPods trunk account control.