Month: July 2024

Enlarge / A test version of Firefly's Miranda engine fires up on a test stand in Briggs, Texas. (credit: Firefly Aerospace)

BRIGGS, Texas—The new medium-lift rocket under development by Firefly Aerospace and Northrop Grumman will eventually incorporate a recoverable booster that will return to its launch site in Virginia for reuse.

Firefly has previously suggested rocket reuse is on the roadmap for the new rocket—known, for now, only as the Medium Launch Vehicle (MLV)—but officials revealed new details of the plan during a recent visit by Ars to Firefly's rocket factory in rural Central Texas.

“Northrop and Firefly have a similar perspective and that is, for that class of rocket, reusability is a requirement for a bunch of reasons," said Bill Weber, Firefly's CEO. "Economically, it becomes an advantage because we don't have to go build additional floor space ... Similarly, the pricing structure for customers starts to get super competitive, which we absolutely love, and we’ll be right in the middle of.”

Enlarge (credit: Aurich Lawson)

Vulnerabilities that went undetected for a decade left thousands of macOS and iOS apps susceptible to supply-chain attacks. Hackers could have added malicious code compromising the security of millions or billions of people who installed them, researchers said Monday.

The vulnerabilities, which were fixed last October, resided in a “trunk” server used to manage CocoaPods, a repository for open source Swift and Objective-C projects that roughly 3 million macOS and iOS apps depend on. When developers make changes to one of their “pods”—CocoaPods lingo for individual code packages—dependent apps typically incorporate them automatically through app updates, typically with no interaction required by end users.

Code injection vulnerabilities

“Many applications can access a user’s most sensitive information: credit card details, medical records, private materials, and more,” wrote researchers from EVA Information Security, the firm that discovered the vulnerability. “Injecting code into these applications could enable attackers to access this information for almost any malicious purpose imaginable—ransomware, fraud, blackmail, corporate espionage… In the process, it could expose companies to major legal liabilities and reputational risk.”