HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => iPhone/iPod/iPad News => Topic started by: HCK on February 12, 2016, 09:00:21 pm



Title: Sparkle updater vulnerability: What you need to know!
Post by: HCK on February 12, 2016, 09:00:21 pm

Third-party update service Sparkle, combined with insecure network protocols and parsing, leaves some OS X apps open to person-in-the-middle exploits.

A vulnerability has been discovered in an open-source framework that many developers have been using to provide app update services for the Mac. That it exists at all is not good, but that it hasn't been used to perform any real world attacks "in the wild", and that developers can update to prevent it, means it's something you should know about but nothing you should go into red alert over, at least not yet.

What's Sparkle?

Sparkle is an open source project that many OS X apps turn to in order to provide update functionality. Here's the official description:

Sparkle is an easy-to-use software update framework for Mac applications. It delivers updates using appcasting, a term used to refer to the practice of using RSS to distribute update information and release notes.

So, what's happening with Sparkle?

Starting in late January, an engine...


Source: Sparkle updater vulnerability: What you need to know! (http://feedproxy.google.com/~r/TheIphoneBlog/~3/oJrf_9wlUqI/story01.htm)
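
A defender's check for the exposure described in the post, as an added example that is not part of the original post or of the Sparkle project: it flags an app whose Sparkle feed, or whose appcast entries, are fetched over anything other than HTTPS. It assumes "insecure network protocols" means non-HTTPS URLs, uses Sparkle's `SUFeedURL` Info.plist key and appcast XML namespace, and the function names and sample plist and feed are constructed for illustration.

```python
import plistlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespace Sparkle uses for sparkle:* elements in an appcast feed.
SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"

# Constructed samples (not taken from any real app).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>ExampleApp</string>
  <key>SUFeedURL</key><string>http://updates.example.com/appcast.xml</string>
</dict></plist>"""

SAMPLE_APPCAST = """<rss version="2.0" xmlns:sparkle="%s"><channel><item>
  <title>Version 2.0</title>
  <sparkle:releaseNotesLink>http://updates.example.com/notes.html</sparkle:releaseNotesLink>
  <enclosure url="https://updates.example.com/ExampleApp-2.0.zip" type="application/octet-stream"/>
</item></channel></rss>""" % SPARKLE_NS


def is_secure(url):
    """Assumption: only https:// counts as a secure transport for updates."""
    return urlparse(url.strip()).scheme == "https"


def audit_info_plist(plist_bytes):
    """Flag an app whose Sparkle feed URL (SUFeedURL) is not HTTPS."""
    feed = plistlib.loads(plist_bytes).get("SUFeedURL")
    if feed is None or is_secure(feed):
        return []
    return [("SUFeedURL", feed)]


def audit_appcast(xml_text):
    """Flag download and release-notes URLs in an appcast that are not HTTPS."""
    findings = []
    # Run this on feeds you fetched yourself; ElementTree is not hardened
    # against hostile XML.
    for item in ET.fromstring(xml_text).iter("item"):
        for enc in item.iter("enclosure"):
            if not is_secure(enc.get("url", "")):
                findings.append(("enclosure", enc.get("url", "")))
        for link in item.iter("{%s}releaseNotesLink" % SPARKLE_NS):
            if not is_secure(link.text or ""):
                findings.append(("releaseNotesLink", (link.text or "").strip()))
    return findings


if __name__ == "__main__":
    print(audit_info_plist(SAMPLE_PLIST), audit_appcast(SAMPLE_APPCAST))
```

To audit an installed app, pass the bytes of its `Contents/Info.plist` to `audit_info_plist`; an empty list means no non-HTTPS feed URL was found there.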