The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.