Reefspek

Name of the Vulnerable Software and Affected Versions: CocoaPods (affected versions not specified) Description: The issue concerns the CocoaPods dependency manager, specifically the authentication server trunk.cocoapods.org. A problem was found in the part of the trunk that verifies whether a user has a real email address on signup. It used an rfc-822 library that executes a shell command to validate the email domain MX records validity via a DNS MX lookup. This lookup could be manipulated to execute a command on the trunk server, giving root access to the server and infrastructure. The issue was patched server-side in September 2023 and triggered a full user-session reset, as an attacker could have used this method to write to any Podspec in trunk. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CocoaPods (affected versions not specified) Description: The issue is related to the CocoaPods dependency manager, specifically affecting older pods that migrated from the pre-2014 pull request workflow to trunk. If a pod had never been claimed, it was still possible to do so, and it was also possible to remove all owners from a pod, making it available for claiming. This vulnerability could allow an attacker to gain unauthorized access to protected information about some pods, modify their content, or replace it with arbitrary code. The estimated number of potentially affected devices is not explicitly stated, but it is mentioned that thousands of iOS and macOS apps could be impacted. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CocoaPods (affected versions not specified) Description: The issue is related to the authentication server for the CocoaPods dependency manager, where the trunk sessions verification step could be manipulated, allowing for owner session hijacking. This could result in a full takeover of the CocoaPods trunk account, enabling the threat actor to manipulate pod specifications, disrupt the distribution of legitimate libraries, or cause widespread disruption within the CocoaPods ecosystem. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.