An E.V.A. Information Security researcher used a spoofed session validation token to take over a CocoaPods account. Image: E.V.A. Information Security The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.
![Microsoft may be the world's largest open source contributor, but developers don't care--yet - TechRepublic](https://cdn-ak-scissors.b.st-hatena.com/image/square/66e1aa709654748fc6c797e978af51f9f303a240/height=288;version=1;width=512/https%3A%2F%2Fwww.techrepublic.com%2Fa%2Ffly%2Fbundles%2Ftechrepubliccss%2Fimages%2Ftr-logo-large.png)