Many Mac OS X applications are vulnerable


Many of the most popular Mac OS X apps have recently been discovered to be vulnerable to man-in-the-middle (MITM) attacks.

The vulnerability specifically affects applications that use Sparkle, a third-party software update framework, over unencrypted HTTP connections.

A security technician from Vulnsec, known as Radek, reported that the vulnerability works on both El Capitan and its predecessor, Yosemite.
The total number of affected applications is not known, but Radek estimates that the number is "huge". Among the affected applications:

  • Camtasia 2 (v2.10.4)
  • DuetDisplay (v1.5.2.4)
  • uTorrent (v1.8.7)
  • Sketch (v3.5.1)

In addition, security researcher Jonathan Zdziarski told Ars Technica that the reverse engineering tool "Hopper" and "DXO Optics Pro" are also vulnerable.
For the full list of applications that might be vulnerable to MITM attacks, see the list of applications that use Sparkle linked below.

It is important to note, however, that not all of these Mac applications communicate over unencrypted HTTP connections, and that they do not all use the same (vulnerable) version of Sparkle.
The popular Adium chat program, for example, uses Sparkle but communicates via HTTPS.
If you are running an application that could be vulnerable, the best thing to do is to update it immediately.
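To find out which installed applications fall into the category described above, the following added example (not from the original article or the Sparkle project) lists the apps that bundle Sparkle and reports whether the update feed declared in `SUFeedURL`, Sparkle's Info.plist key, is fetched over HTTPS. The verdict names and function names are this example's own, and an app that sets its feed in code rather than in Info.plist is reported as `feed-unknown`.

```python
import plistlib
import sys
from pathlib import Path
from urllib.parse import urlparse


def read_plist(path: Path) -> dict:
    """Parse an XML or binary plist; return {} if missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
        return data if isinstance(data, dict) else {}
    except Exception:  # missing file, malformed plist, permission denied
        return {}


def audit_app(app: Path) -> dict:
    """Classify one .app bundle by how its Sparkle update feed is fetched."""
    contents = app / "Contents"
    framework = contents / "Frameworks" / "Sparkle.framework"
    result = {"app": app.name, "sparkle_version": None, "feed": None}
    if not framework.is_dir():
        result["verdict"] = "no-sparkle"
        return result
    # Bundled framework version, to compare against the Sparkle project's notes.
    fw_info = read_plist(framework / "Resources" / "Info.plist")
    result["sparkle_version"] = fw_info.get("CFBundleShortVersionString")
    feed = read_plist(contents / "Info.plist").get("SUFeedURL")
    result["feed"] = feed
    if not isinstance(feed, str) or not feed.strip():
        # Feed may be set in code or preferences; needs a manual check.
        result["verdict"] = "feed-unknown"
    elif urlparse(feed.strip()).scheme.lower() == "https":
        result["verdict"] = "https-feed"
    else:
        result["verdict"] = "cleartext-feed"  # http:// or anything not HTTPS
    return result


def audit_dir(root: Path) -> list:
    """Audit every .app directly under root, skipping non-Sparkle apps."""
    found = [audit_app(p) for p in sorted(root.glob("*.app"))]
    return [r for r in found if r["verdict"] != "no-sparkle"]


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else "/Applications")
    for r in audit_dir(root):
        print(f'{r["verdict"]:15} {r["app"]:30} Sparkle {r["sparkle_version"]}  {r["feed"]}')
```

Run it with no arguments to scan `/Applications`, or pass another directory. Apps reported as `cleartext-feed` are the ones to update first.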

 

https://www.youtube.com/watch?v=16acap5hep4

See the list

https://github.com/sparkle-project/Sparkle/issues/717
