PYMNTS SMB Instant Payments Deep Dive July 2024 Banner

Millions of Apple Apps Exposed to Potential Security Threat


Millions of Apple’s smartphone and computer/laptop apps were reportedly exposed to a security breach.

The breach could be used for potential supply chain attacks, ArsTechnica reported Wednesday (July 3), citing research from EVA Information Security.

The exploit was uncovered in CocoaPods, an open-source repository used by several popular apps for Apple platforms to integrate third-party code into the apps via open-source libraries, according to the report.

Around 3 million iOS and macOS apps that were built with CocoaPods have been vulnerable for around 10 years, the report said. The exploits could give hackers access to credit card information and medical records, opening people to fraud, blackmail, ransomware and other threats.

Once EVA informed CocoaPods developers about the vulnerability, “they wiped all session keys to ensure no one could access the accounts without first having control of the registered email address,” according to the report.

The news comes amid a host of reports of cyberattacks, such as one warned of by Microsoft last week.

The security vulnerability in artificial intelligence systems could pose a major threat to eCommerce platforms, financial services and customer support operations across industries, Microsoft said in a blog post as it revealed details of a technique called “Skeleton Key.” It can bypass ethical safeguards built into AI models businesses use worldwide.

The flaw could help malicious users manipulate AI systems to create harmful content, offer inaccurate financial advice or compromise customer data privacy.

The vulnerability impacts AI models from major providers that are widely used in commercial applications and raises concerns about the integrity of digital operations at online retailers, banks and customer service centers employing AI chatbots and recommendation engines.

Meanwhile, PYMNTS wrote last month about the Private Cloud Computer service introduced as part of Apple’s Apple Intelligence ecosystem. Speaking with PYMNTS following the launch, Yannik Schrade, CEO and co-founder of computing startup Arcium, called the service “the right step forward” in terms of data security.

“By leveraging hardware-based security measures such as Secure Boot and Secure Enclave Processors, Apple aims to provide a more secure environment for AI computations,” Schrade said. “This can increase business trust, encouraging the adoption of AI-driven analytics and data processing solutions within a more secure framework.”