Researcher finds Sparkle framework vulnerability, highlights popular apps that could be exploited

Posted by:
Date: Wednesday, February 10th, 2016, 08:31
Category: News, OS X, security, Software, Yosemite


Well, this is a mess.

A “huge” number of third-party Mac apps are under threat of man-in-the-middle attacks due to a recently discovered vulnerability in Sparkle, an open source framework used to facilitate software updates.

The flaw, which centered around a flawed WebKit rendering engine implementation found in certain Sparkle builds, is to blame for the newly discovered attack that allows malicious users to insert and execute JavaScript code when affected app check for software updates.

Along with a flawed Sparkle version, vulnerable apps must also be running an unencrypted HTTP channel to receive software updates from offsite servers. This can allow other users to capture network traffic and thereby run malicious code on a target computer. The exploit has been cited by a software engineer called “Radek”, who confirmed the exploit affects apps running on the latest versions of OS X 10.11 El Capitan and OS X 10.10 Yosemite.


Sonos to officially support Apple Music starting today

Posted by:
Date: Wednesday, February 10th, 2016, 07:15
Category: Apple Music, Hardware, News, Retail Store


Following its public beta last December, Sonos has announced that it will officially add support for Apple Music to its connected speaker lineup tomorrow, February 10th.

“We’re big fans of Sonos,” Apple senior vice president of internet software and services Eddy Cue said to BuzzFeed. “We’ve been looking forward to this.” When asked why Sonos didn’t support Apple Music from the start, especially considering it supported Beats Music, Cue explained that it took some time to get it right. “It’s important to get the integration right the first time out,” Cue said. “Apple has a high bar for this stuff; So does Sonos. Apple Music isn’t even 6 months old yet, so this really did not take much time at all.”