


How I discovered a vulnerability in hundreds of Mac OS X applications

January 29, 2016

Lately, I was doing research connected with different updating strategies, and I tested a few applications working under Mac OS X. [...] revealed that we have many insecure applications in the wild. [...] have found a vulnerability which allows an attacker to take control of another [...]

I've tested on both OS X 10.10 (Yosemite) and 10.11 (El Capitan) with the latest version of the software, though it should work with previous versions too.

The vulnerability is not in code signing itself. It exists due to the functionality provided by the WebKit view that allows JavaScript execution and the ability to modify unencrypted HTTP traffic (XML response).

The mentioned vulnerability is not present in the updater built into OS X. [...] in the previous version of the Sparkle Updater framework, and it's not a part [...] Furthermore, I can confirm that Pixelmator is not vulnerable, and they discontinued [...]

We have two different vulnerabilities here. [...] the default configuration (http) which is unsafe and leads to RCE over MITM [...] The second one is the risk of parsing file://, ftp:// and other protocols [...] As a result, if there is a security flaw on the server that allows replacing the XML file, it can target all people through [...] It's possible even without knowing the private DSA key, without modifying the application binary on the server and over https. [...] that, it doesn't require the MITM attack anymore.

In short, all applications that use the Sparkle Updater framework and are connecting over HTTP instead of a secure HTTPS connection are vulnerable. The newest version of the Sparkle Updater is already available, and it addresses the described vulnerabilities.
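To find which installed applications fall under the "Sparkle over HTTP" condition described in this post, the check below reads each bundle's update feed setting. It is an added example, not code from the original post or from the Sparkle project; it assumes Sparkle's usual bundle layout (`Contents/Frameworks/Sparkle.framework`) and its `SUFeedURL` key in `Info.plist`, and the sample bundles and URLs are constructed.

```python
import plistlib
import tempfile
from pathlib import Path
from urllib.parse import urlparse
from xml.parsers.expat import ExpatError


def classify_feed(feed):
    """Map an SUFeedURL value to a verdict."""
    if not isinstance(feed, str) or not feed.strip():
        return "no-feed-key"  # feed may be set in code instead; check manually
    scheme = urlparse(feed.strip()).scheme.lower()
    if scheme == "https":
        return "ok"
    return "insecure-http" if scheme == "http" else "unexpected-scheme"


def audit_apps(root):
    """Return {app name: (feed URL, verdict)} for bundles that embed Sparkle."""
    findings = {}
    for app in sorted(Path(root).glob("*.app")):
        contents = app / "Contents"
        if not (contents / "Frameworks" / "Sparkle.framework").is_dir():
            continue  # assumption: Sparkle ships inside the bundle's Frameworks dir
        try:
            with open(contents / "Info.plist", "rb") as fh:
                feed = plistlib.load(fh).get("SUFeedURL")
        except (OSError, ValueError, ExpatError, AttributeError):
            findings[app.name] = (None, "unreadable-plist")
            continue
        findings[app.name] = (feed, classify_feed(feed))
    return findings


def build_sample_apps(root):
    """Constructed test bundles (hypothetical names and URLs)."""
    samples = {"Plain.app": "http://updates.example.test/appcast.xml",
               "Tls.app": "https://updates.example.test/appcast.xml",
               "NoKey.app": None}
    for name, feed in samples.items():
        contents = Path(root) / name / "Contents"
        (contents / "Frameworks" / "Sparkle.framework").mkdir(parents=True)
        info = {"CFBundleName": name[:-4]}
        if feed:
            info["SUFeedURL"] = feed
        with open(contents / "Info.plist", "wb") as fh:
            plistlib.dump(info, fh)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_apps(tmp)
        for name, (feed, verdict) in audit_apps(tmp).items():
            print(f"{verdict:18} {name:10} {feed}")
```

On a real machine, call `audit_apps("/Applications")`; an `ok` verdict covers only the feed transport, so the Sparkle version bundled with the app still needs checking against the fixed release.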
