If you have a Finder alternative like Path Finder, you can set it to handle.If you have anĬlient like Transmit installed, go into its preferences and set it as the default As just above, nag the devs of your apps to confirm they are set up to handle updates via Sparkle securely.Ĭlient installed, install and run Firefox once, to get it to handle ftp:// links.So, here’s what you can do from a practical perspective: Links, but Finder is where the vulnerability is. Having read a bunch of other posts, it appears this is not just a Sparkle problem, critical though that is, but rather a fundamental bug in OS X itself. People who aren’t sure if an app on their Mac is safe should consider avoiding unsecured Wi-Fi networks or using a virtual private network when doing so. Ping the developers on Twitter or via email… What you can doįirst, what you can do is keep after the developers of the apps you use, and keep your apps updated. … and so on, if you use different locations from the standard /Applications. find /Applications -path '*Autoupdate.app/Contents/ist' -exec echo ' \ | grep -v CFBundleShortVersionString There’s a big list of apps that use Sparkle, but rest assured, if you’re a Mac user, your apps are likely using it.Īrs technica user “ryanr” shows a Terminal command that can be used to list up what apps on your system are using Sparkle, and what version. Icon: The Sparkle Project Icon: The Sparkle Project Which of my apps use which version of Sparkle? Sparkle updated their code immediately to patch, in release 1.13.1, but developers using the framework have to do the work to update to 1.13.1, and make sure all connections are done over https. Here’s the original article with lots of technical detail. Apps using older Sparkle versions over http are vulnerableĪrs Technica posted a troubling article about the http man-in-the-middle security vulnerability that was discovered in the well-used Sparkle Framework. Many Mac app developers use the Sparkle framework for updating their apps, but a recent security vulnerability discovery puts your Mac at risk.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |