Sparkle updater in many Mac apps leaves apps vulnerable to hijacks

A large number of Mac apps have been found to be vulnerable to man-in-the-middle attacks because of a flaw in Sparkle, the third-party software framework the apps use to receive updates.

(Image source: Ars Technica)


According to reports, a large number of Mac apps have been found to be susceptible to man-in-the-middle type attacks due to a vulnerability in Sparkle, the third-party software framework the apps use to receive updates.

The attack applies when an app that ships a vulnerable version of Sparkle checks for updates over plain, unencrypted HTTP. Because that channel is neither encrypted nor authenticated, an attacker on the same network can intercept the exchange between the app and the update server and inject malicious content into it. The attack has been shown to work on both OS X El Capitan and Yosemite.

Among the apps said to be affected are uTorrent, Camtasia, and VLC. VLC has since released a new version that fixes the problem.

At this point it is hard to pinpoint exactly which apps are affected: many apps use Sparkle, but not all of them ship the vulnerable version, and an app is only exposed if it also fetches its updates over HTTP. Users have compiled a list of apps that do use Sparkle here, and it is worth checking it against the apps you run.
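One way to narrow the list down on your own machine, as an added example that is not part of the original article or of the Sparkle project: Sparkle-based apps declare their update feed (the "appcast") under the SUFeedURL key in the app's Contents/Info.plist, and the embedded framework's own version is recorded in Contents/Frameworks/Sparkle.framework/Resources/Info.plist. The script below walks the usual application folders and reports, for each Sparkle-using app, the Sparkle version it embeds and whether its feed is fetched over plaintext HTTP, which is the precondition for the network-level attack described above. It does not decide which Sparkle versions are vulnerable, since the article does not give that; it only surfaces the two facts you need to judge each app. The build_sample_bundle helper and the example.invalid hostnames are constructed for offline testing and are not real apps or feeds.

```python
"""List installed Mac apps that embed Sparkle and flag those whose update feed
(SUFeedURL) is fetched over plain HTTP. Added example; not the article's or
Sparkle's own code. Assumes Sparkle's conventional Info.plist key and
framework location inside the .app bundle."""
import os
import plistlib
import sys
import tempfile
from urllib.parse import urlparse
from xml.parsers.expat import ExpatError

# Relative path of the embedded framework's Info.plist inside an .app bundle.
SPARKLE_PLIST = os.path.join("Contents", "Frameworks", "Sparkle.framework",
                             "Resources", "Info.plist")


def classify_feed(feed_url):
    """'plaintext' for an http:// appcast, 'tls' for https://, 'other' otherwise."""
    scheme = urlparse(feed_url).scheme.lower()
    if scheme == "http":
        return "plaintext"
    if scheme == "https":
        return "tls"
    return "other"


def _read_plist(path):
    """Load an XML or binary plist; None if missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except (OSError, plistlib.InvalidFileException, ValueError, ExpatError):
        return None


def inspect_app(app_path):
    """Describe one .app bundle, or return None if it shows no sign of Sparkle."""
    info = _read_plist(os.path.join(app_path, "Contents", "Info.plist")) or {}
    sparkle_info = _read_plist(os.path.join(app_path, SPARKLE_PLIST))
    feed_url = info.get("SUFeedURL")
    if sparkle_info is None and feed_url is None:
        return None  # neither the framework nor an appcast key: not a Sparkle app
    return {
        "app": os.path.basename(app_path),
        "feed_url": feed_url,
        "feed": classify_feed(feed_url) if feed_url else "none",
        "sparkle_version": (sparkle_info or {}).get("CFBundleShortVersionString"),
    }


def scan(roots):
    """Inspect every .app directly inside the given folders; skip missing folders."""
    results = []
    for root in roots:
        if not os.path.isdir(root):
            continue
        for name in sorted(os.listdir(root)):
            if name.endswith(".app"):
                report = inspect_app(os.path.join(root, name))
                if report:
                    results.append(report)
    return results


def build_sample_bundle(name, feed_url, sparkle_version, parent_dir=None):
    """Construct a fake .app bundle (for offline demonstration only) and return
    the folder that contains it. Pass feed_url/sparkle_version as None to build
    an app that does not use Sparkle at all."""
    parent_dir = parent_dir or tempfile.mkdtemp(prefix="sparkle-demo-")
    app = os.path.join(parent_dir, name)
    os.makedirs(os.path.join(app, "Contents"), exist_ok=True)
    info = {"CFBundleIdentifier": "com.example." + name.rsplit(".", 1)[0].lower()}
    if feed_url:
        info["SUFeedURL"] = feed_url
    with open(os.path.join(app, "Contents", "Info.plist"), "wb") as fh:
        plistlib.dump(info, fh)
    if sparkle_version:
        fw_plist = os.path.join(app, SPARKLE_PLIST)
        os.makedirs(os.path.dirname(fw_plist), exist_ok=True)
        with open(fw_plist, "wb") as fh:
            plistlib.dump({"CFBundleShortVersionString": sparkle_version}, fh)
    return parent_dir


if __name__ == "__main__":
    # Usage: python sparkle_scan.py [folder ...]   (defaults to the app folders)
    roots = sys.argv[1:] or ["/Applications", os.path.expanduser("~/Applications")]
    for r in scan(roots):
        flag = "PLAINTEXT FEED" if r["feed"] == "plaintext" else r["feed"]
        print("%-40s sparkle=%-8s %-15s %s" % (
            r["app"], r["sparkle_version"] or "?", flag, r["feed_url"] or ""))
```

Apps reported with a plaintext feed are the ones to check against the vendor's advisory or update; an https feed removes the same-network interception described above, whatever Sparkle version the app embeds.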

In the meantime, concerned users can protect themselves by avoiding unsecured Wi-Fi networks, or by using them only through a VPN. The real fix is to install the corrected build of each affected app once its vendor publishes one, as VLC has already done.

Source: Ars Technica
