Security Vulnerability: How CocoaPods Puts Your Apple Devices at Risk
Tech & AI | July 2, 2024, 7:53 a.m.
A set of vulnerabilities in CocoaPods, the open-source dependency manager for Swift and Objective-C projects, left thousands of packages exposed to supply chain attacks for nearly a decade. Israeli firm EVA Information Security found that 1,870 Pods were orphaned: when CocoaPods moved to its Trunk server in 2014, Pods whose authors never completed the migration were left associated with a default, unclaimed owner address. The issue, tracked as CVE-2024-38368, received a critical CVSS score because a public "claim your Pods" API let anyone register as the owner of such a Pod and then publish new versions of it that downstream apps would pull in. A second vulnerability allowed remote code execution on the Trunk server itself through a flaw in its email-verification workflow, which would have given an attacker control over the package index rather than over a single Pod.

No evidence of exploitation has been found, but because these Pods are used in iOS and macOS apps from major companies, the potential reach of a poisoned release was considerable. CocoaPods patched the issues in October 2023, ahead of the public disclosure. The incident underscores the risk of relying on open-source dependencies and the value of basic hygiene when using such tools: pinning dependencies to exact versions, committing and reviewing the Podfile.lock, and treating any unexpected change in a Pod's ownership or checksum as a red flag.
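The practical defence against a hijacked Pod is to make sure a new release cannot reach a build without a deliberate change: pin each dependency to an exact version and keep the Podfile.lock under review. The script below, an added example that is not from the article or from the CocoaPods project, parses a Podfile.lock (which is plain YAML) and reports dependencies whose Podfile constraint would let `pod update` accept a future release, since that is exactly how a version pushed by a new owner of an orphaned Pod would arrive. The sample lock file, the Pod names (including `OrphanedKit`) and the checksum values are constructed for illustration; nothing here refers to a real package.

```ruby
require 'yaml'

# Constructed sample Podfile.lock. Pod names, versions and checksums are
# made up for this example and do not describe any real project.
SAMPLE_LOCK = <<~LOCK
  PODS:
    - Alamofire (5.9.1)
    - OrphanedKit (0.3.0)
    - SDWebImage (5.18.0):
      - SDWebImage/Core (= 5.18.0)
    - SDWebImage/Core (5.18.0)

  DEPENDENCIES:
    - Alamofire (~> 5.9)
    - OrphanedKit
    - SDWebImage (= 5.18.0)

  SPEC REPOS:
    trunk:
      - Alamofire
      - OrphanedKit
      - SDWebImage

  SPEC CHECKSUMS:
    Alamofire: c0c0ac0c0ac0c0ac0c0ac0c0ac0c0ac0c0ac0c0a
    OrphanedKit: ba5eba5eba5eba5eba5eba5eba5eba5eba5eba5e
    SDWebImage: cafecafecafecafecafecafecafecafecafecafe

  PODFILE CHECKSUM: 0ddba110ddba110ddba110ddba110ddba110ddba

  COCOAPODS: 1.15.2
LOCK

# A PODS or DEPENDENCIES entry looks like "Name (constraint)" or just "Name".
POD_ENTRY = /\A(?<name>\S+)(?: \((?<constraint>[^)]+)\))?\z/

def entry_name_and_version(entry)
  # Pods with subspecs appear as a one-key hash: {"Parent (1.0)" => [...]}.
  key = entry.is_a?(Hash) ? entry.keys.first : entry
  m = POD_ENTRY.match(key)
  [m[:name], m[:constraint]]
end

def parse_lockfile(text)
  doc = YAML.safe_load(text)
  pods = {}
  (doc['PODS'] || []).each do |entry|
    name, version = entry_name_and_version(entry)
    pods[name] = version                     # resolved version in this lock
  end
  deps = {}
  (doc['DEPENDENCIES'] || []).each do |entry|
    name, constraint = entry_name_and_version(entry)
    deps[name] = constraint                  # nil when the Podfile gives no version
  end
  repos = {}
  (doc['SPEC REPOS'] || {}).each do |repo, names|
    names.each { |n| repos[n] = repo }       # e.g. "trunk" for the public index
  end
  { pods: pods, dependencies: deps, repos: repos, checksums: doc['SPEC CHECKSUMS'] || {} }
end

def exact_pin?(constraint)
  !constraint.nil? && constraint.start_with?('= ')
end

# Returns human-readable findings; an empty array means every dependency is
# pinned to one exact version and every root pod has a recorded checksum.
def audit_lockfile(text)
  lock = parse_lockfile(text)
  findings = []
  lock[:dependencies].each do |name, constraint|
    next if exact_pin?(constraint)
    next if constraint&.start_with?('from ')  # git/path sources are pinned by commit, not version
    resolved = lock[:pods][name]
    source = lock[:repos][name] || 'external source'
    if constraint.nil?
      findings << "#{name} (#{resolved}, #{source}): Podfile has no version constraint; " \
                  '`pod update` will accept any future release, including one pushed by a new owner'
    else
      findings << "#{name} (#{resolved}, #{source}): constraint `#{constraint}` admits newer releases; " \
                  "pin `= #{resolved}`"
    end
  end
  lock[:pods].each_key do |name|
    next if name.include?('/')               # subspecs share the parent pod's checksum
    findings << "#{name}: no SPEC CHECKSUM recorded" unless lock[:checksums].key?(name)
  end
  findings
end

puts audit_lockfile(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

Run against the sample, the audit flags `Alamofire` (an optimistic `~> 5.9` constraint) and `OrphanedKit` (no constraint at all), and passes `SDWebImage`, which is pinned with `= 5.18.0`. A lock file only protects a build when `pod install` is used; `pod update` re-resolves within the Podfile's constraints, so the constraints themselves are what this check inspects.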