CocoaPods Security Breach Exposes Millions of iOS Apps to Risk

Tech & AI | July 3, 2024, 3:53 a.m.

Millions of iOS and macOS apps are at risk of potential supply-chain attacks due to a security breach found in CocoaPods, an open-source repository commonly used by developers for Apple platforms. Reports from Ars Technica and research by EVA Information Security reveal that approximately 3 million apps built with CocoaPods have been vulnerable for a decade. Exploitation could allow attackers to access sensitive data such as credit card information and medical records, posing risks of ransomware, fraud, or corporate espionage. The vulnerabilities were linked to an insecure email verification mechanism used to authenticate developers of CocoaPods libraries. The CocoaPods team took steps to address the issues after being notified by EVA researchers. Developers are advised to review their CocoaPods dependencies and run security scans to detect any malicious code in external libraries, to protect their apps from potential threats.