Tuesday, February 16, 2016

"Sparkle" App Poses Great Risk

Sparkle App for Mac
Several security researchers have identified a flaw in older versions of the software updater Sparkle. Sparkle was commonly used by certain iterations of Mac apps such as uTorrent, Camtasia and Sketch, and the flaw leaves them vulnerable to man-in-the-middle attacks.

Attackers can exploit the vulnerability to install malicious code on your machine in apps that both use the identified versions of Sparkle to send and receive updates and do so over an unencrypted HTTP channel.

This would typically be done over an unsecured Wi-Fi network, and the researchers found that this is the case even if you’re using the latest version of Mac OS.

A confirmed list of vulnerable apps seen by Ars Technica includes Camtasia 2 v2.10.4, uTorrent v1.8.7, Sketch v3.5.1 and DuetDisplay v1.5.2.4, but one of the researchers said the numbers affected could be "huge."
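
An added example (not from the original post or from the researchers): a Python check that lists app bundles whose Sparkle update feed is declared over plain HTTP, the condition described above. It assumes the feed is declared under Sparkle's `SUFeedURL` key in each app's Info.plist; the sample bundles and `example.invalid` URLs are constructed, and the check does not determine which Sparkle version an app embeds.

```python
import plistlib
import tempfile
from pathlib import Path
from urllib.parse import urlparse
from xml.parsers.expat import ExpatError


def read_info(plist_path):
    """Parse an Info.plist (XML or binary); return {} if it cannot be read."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return {}
    return data if isinstance(data, dict) else {}


def audit(apps_dir):
    """Return (app, version, feed) for bundles whose Sparkle feed is plain HTTP."""
    findings = []
    for plist in sorted(Path(apps_dir).glob("*.app/Contents/Info.plist")):
        info = read_info(plist)
        feed = info.get("SUFeedURL")  # assumed location of the Sparkle feed URL
        if not isinstance(feed, str):
            continue  # no Sparkle feed declared in Info.plist
        if urlparse(feed.strip()).scheme == "http":
            app = plist.parent.parent.stem  # "Name.app" -> "Name"
            version = info.get("CFBundleShortVersionString", "?")
            findings.append((app, version, feed))
    return findings


def build_sample(root):
    """Create constructed app bundles so the audit runs offline."""
    samples = {
        "ExampleHttp": {"SUFeedURL": "http://updates.example.invalid/appcast.xml"},
        "ExampleHttps": {"SUFeedURL": "https://updates.example.invalid/appcast.xml"},
        "ExampleNoSparkle": {},
    }
    for name, extra in samples.items():
        contents = Path(root) / f"{name}.app" / "Contents"
        contents.mkdir(parents=True)
        with open(contents / "Info.plist", "wb") as fh:
            plistlib.dump({"CFBundleShortVersionString": "1.0", **extra}, fh)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)  # on a real Mac, pass "/Applications" to audit()
        for app, version, feed in audit(tmp):
            print(f"{app} {version}: update feed over HTTP -> {feed}")
```

An empty result is not proof that an app is safe, since an app can also set its feed URL in code rather than in Info.plist.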
