cocoapods
Safeguard articles tagged "cocoapods" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Securing mobile app dependencies: CocoaPods and Gradle
CocoaPods and Gradle power millions of mobile apps. See how orphaned pods, build-script RCE, and dependency confusion put them at real risk today.
CocoaPods supply chain security and Podfile.lock integrit...
A 2024 CocoaPods Trunk server flaw let attackers hijack orphaned pods and exposed a deeper gap: Podfile.lock never verified dependency integrity in the first place.
CocoaPods Trunk Server Remote Code Execution (CVE-2024-38...
CVE-2024-38366 exposed a critical remote code execution flaw in the CocoaPods trunk server, threatening the iOS dependency supply chain for years undetected.
CocoaPods Trunk Server Email Verification Bypass Enabling...
CVE-2024-38367 let attackers bypass email verification on the CocoaPods trunk server to take over pod owner accounts, threatening the iOS supply chain. Here's the impact and fix.
CocoaPods Orphaned Pod Takeover Vulnerability (CVE-2024-3...
CVE-2024-38368 let attackers claim orphaned CocoaPods and push malicious code into any iOS or macOS app still depending on them. Here is what to check.
CocoaPods trunk supply chain vulnerability report
Three CocoaPods trunk server flaws sat unpatched for a decade, exposing 1,866 orphaned pods to takeover. Here's what happened and how to defend your dependencies.
Malicious iOS SDKs and CocoaPods report
CocoaPods trunk server CVEs and the SourMint SDK scandal reveal how malicious iOS SDKs and pods slip past App Review for years.
Swift CocoaPods and SPM Security
Securing iOS and macOS dependencies with Swift Package Manager and CocoaPods, including checksum verification and source control.