New Vulnerability Affects Third-Party Mac Apps

As noted by a bunch of reliable news websites, a wide number of third-party Mac apps are vulnerable to man-in-the-middle attacks. The vulnerability in Sparkle, an open source framework, which is used by many developers to make the update process easier, can let hackers execute malicious JavaScript code when the infected app or apps perform checks for updates. According to security researchers, uTorrent and a ‘huge’ number of other applications that are available outside the App Store are prone to the aforementioned vulnerability.

Along with a flawed Sparkle version, vulnerable apps must also be running an unencrypted HTTP channel to receive software updates from offsite servers. Nefarious users capable of capturing network traffic, perhaps over an unsecured Wi-Fi connection, can leverage the Sparkle exploit to run malicious code remotely on a target computer.

It is already confirmed that the exploit affects apps on OS X Yosemite and OS X El Capitan, so if you have this version of Apple’s operating system installed on your computer, be careful.

Apple is reportedly aware of the issue, but so far hasn’t commented on it.

[via AppleInsider]

Follow us on Twitter:     

| |


Leave a comment

Written by Andrey

Wednesday, February 10, 2016. 19:01

Leave a Reply

You can login with iPhoneRoot account here.