Post by Nick Cine
There's a CocoaPods hole in the Apple ecosystem which for more than a decade allowed anyone in the world to inject any code they wanted into any of over three million iOS or macOS applications.
Does this security hole also exist in the Windows or Linux ecosystem?
https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection
Any software can have vulnerabilities. That's how the NSA
and Israeli spooks continue to churn out 0-days for their
spying... which then get used as malware by others.
This sounds worse mainly because Macs are widely believed
to be ultra-safe computers sprinkled with fairy dust. Aside from
artists who think (20 years out of date) that Macs are better for
artists, probably the second-most numerous Apple fans are the
ones who thought that Mac meant they didn't have to understand
ANYTHING about security.
The CocoaPods thing seems to have been in that glow of
magical protection that Macs are believed to have. But it's actually
a shared library system, used widely, with no one minding the store.
From reading the article it sounds like the equivalent on Windows
would be if programmers believed that anything with a "DLL" file
extension was tested and confirmed safe by Microsoft.
But we shouldn't get too smug. Most popular DLLs are dependent
on the reputation and security of the authors. The same is also
true for software programs. Unlike Macs, on Windows anyone can
write software and distribute it, using whatever tools they like. They're
not slaves to Cocoa and they don't have to pay Timmy Cook a kickback.
Very few such programmers are security experts. A surprising number
don't know what dependencies their software has. When you install
a program you're trusting that the author is not only honest but
also competent. But how competent can someone be when they don't
even know what libraries their software needs? ("It ran fine on my
computer, so I can't imagine what the problem is on your end.")
So the Windows "ecosystem" is probably less secure, but benefits
from being less ninny-headed. Nevertheless, if someone managed
to do something like replace ffmpeg or popular ZIP DLLs that are used
widely, that could result in massive malware infestations.
Linux is an interesting case. The number of versions and names of
support libraries is mind-boggling. When you update a program on
Linux it invariably wants 2 dozen libraries, and there's no backward
compatibility. It's not enough that you have wqkeeia v. 1.23.4567.
The new program MUST have v. 1.23.4568. And what's wqkeeia?
Who knows? The names are all like that. There's no hope of exercising
any control over what's on the system. It's so overcomplicated that
the OS itself is expected to manage software with a "package manager".
On the bright side, problems seem to be rare, probably because a
lot of talented programmers are overseeing Linux development. On the
other hand, unless you're a talented Linux developer you'd have zero
chance of catching malware, what with dripfeed updates happening
all the time to update mysterious things like wqkeeia. That's one
of the reasons that I avoid Linux. One is expected to trust in the
Rube Goldberg system of constantly changing beta software.
But once again, dripfeed updates have also become popular on
Windows. The bottom line is that computers were never designed to
be secure from advanced hacking. So you shouldn't feel safe with
any OS. Efforts like dripfeed updates are a mixed blessing that people
depend on erroneously for security.
Remember the Melissa virus? It was a simple VBScript written as a
prank by an office worker using MS Word. He was so inexperienced
that he didn't realize his name and ID were embedded in the infected
Word DOC, so he was exposed as not only a criminal but also a very
childish office worker. Melissa brought white collar business to a standstill,
because everyone used Word and no one knew how to protect from
script in DOCs! They had never been attacked before.
VBScript got blackballed as unsafe. Yet people run piles of
JavaScript in webpages they visit. And PowerShell has also had
vulnerabilities. Executable code creates vulnerabilities. And now
malicious foreign entities, as well as numerous people in poor countries,
have very good reason to try to hack into your computer and try
to somehow scam some money. The world is full of starving peasants
who are immune to US and EU law enforcement, and see no reason
not to steal coins from the spoiled ruling class. Expect this to all get
much worse. Technophiliacs are creating a world that depends on
computers for nearly everything.
Wish I'd kept the C64 too. Think I've a ZX81 also.
of, much less fix, all the potential security holes.
that is hardly an all-purpose shield.
Another issue is that there's no one 'Linux'. Linus
each other very much.
Problem before. Seems you can't make even a tiny
dependencies getting involved. I think this is why
distros/versions.
them all at once ........
Easier to write a de-novo OS and go from there.
Anyway ... 'security' is far more an illusion than a
even worse. With State-level players now fully in
the game ... it ain't like little Henry Hacker working
out of Mom's basement anymore.
Hmmm ... the VIC and C64 had the 'system' burned into
ROM chips. Pretty safe.