A news reported yesterday by ArsTechnica is alarming news that has Apple users worried. vulnerability revealed. The vulnerability came to light through research by cybersecurity research firm EVA Information Security.

According to the information received, it is clear that millions iOS and macOS apps It was a security breach that could be exploited for potential supply chain attacks. Although it was reported that this was fixed in October last year, it has been in effect since 2014, i.e.: 9 years It was reported to remain open.

It is believed that 3 million applications are affected by this

The security breach was based on the open-source repository used by many popular applications developed for Apple platforms. on CocoaPods found. The shortage; It was said that it could threaten dozens of major applications, from TikTok to Snapchat, from LinkedIn to Netflix, from Facebook to Microsoft Teams.

According to the report built with CocoaPods About 3 million iOS and macOS The app remained vulnerable for almost 10 years. It should be noted that CocoaPods makes it easy for developers to integrate third-party code into their applications via open source libraries.

EVA Information states that this vulnerability can be exploited by attackers. access credit card information, medical records, and other sensitive application data He added that the data could be used for many malicious purposes, from fraud to ransomware.

The vulnerabilities were related to an email authentication mechanism used by developers. For example, an attacker could modify the URLs in authentication links in such a way that they could be redirected to malicious servers. The CocoaPods team took the necessary steps after receiving the necessary information. There is no information on whether an attack has taken place.