Many of the most popular Mac OS X applications have been discovered recently να είναι ευάλωτες σε attacks man-in-the-middle (MiTM).
The vulnerability specifically targets applications that use Sparkle – a software Update third-party framework - and HTTP connections without encryption.
A security technician from Vulnsec, known as Radek, reported that the vulnerability works on both El Capitan as well as its predecessor, Yosemite.
The total number of applications affected is not known, but Radek estimates that the number is "huge":
- Camtasia 2 (v2.10.4)
- DuetDisplay (v1.5.2.4)
- uTorrent (v1.8.7)
- Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the tool reverse engineering “Hopper” as well as “DXO Optics Pro” are also vulnerable.
If you want to see the full list of applications that might be vulnerable to MITM attacks, the following link provides a list of applications that use Sparkle.
It is important to note, however, that not all these Mac applications are communicating via unencrypted HTTP connections, and that they do not all use the same (vulnerable) version of Sparkle.
The popular Adium chat program, for example, uses Sparkle but communicates via HTTPS.
If you are running an application that could be vulnerable, the best thing to do is to update it immediately.
See the list
https://github.com/sparkle-project/Sparkle/issues/717