Max Justicz have found a remote code execution bug in the central CocoaPods server holding keys for the Specs repo (https://trunk.cocoapods.org/). CocoaPods is a popular package manager used by lots of iOS apps. This bug would have allowed an attacker to poison any package download. Keep calm, it's fixed now.

https://justi.cz/security/2021/04/20/cocoapods-rce.html