Pages: [1]   Go Down
  Print  
Author Topic: How updating your Mac's apps could allow man-in-the-middle attacks  (Read 535 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425



« on: February 11, 2016, 09:00:14 pm »

How updating your Mac's apps could allow man-in-the-middle attacks

<article>
   <section class="page">
<p>
The drumbeat of avoiding insecure “http” web connections beats every louder. A researcher disclosed several days ago a vulnerability hiding in plain sight with the Sparkle update framework for OS X Yosemite and El Capitan. Because Sparkle allows apps to update via non-encrypted web connections, the potential of sending malicious updates through man-in-the-middle attacks is quite high. But the attack works because of three separate OS X issues: executing JavaScript in WebKit views intended to show formatted text; mounting FTP servers on the desktop; and Gatekeeper not checking certain paths for and kinds of downloaded files. (Ars Technica reported first on the researcher’s post, which went up in late January.)</p><p class="jumpTag"><a href="/article/3031381/software/how-updating-your-macs-apps-could-allow-man-in-the-middle-attacks.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>

Source: How updating your Mac's apps could allow man-in-the-middle attacks
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: