Date: Wednesday, February 10th, 2016, 08:31
Category: News, OS X, security, Software, Yosemite
Well, this is a mess.
A “huge” number of third-party Mac apps are under threat of man-in-the-middle attacks due to a recently discovered vulnerability in Sparkle, an open source framework used to facilitate software updates.
Along with a flawed Sparkle version, vulnerable apps must also be running an unencrypted HTTP channel to receive software updates from offsite servers. This can allow other users to capture network traffic and thereby run malicious code on a target computer. The exploit has been cited by a software engineer called “Radek”, who confirmed the exploit affects apps running on the latest versions of OS X 10.11 El Capitan and OS X 10.10 Yosemite.