Mac Users Beware: A Bug in Sparkle Could Get You Hacked

Ads by Google

A lot of OS X applications use a framework called Sparkle to simplify automatic software updates for end users like you and me. Unfortunately, a recent vulnerability was spotted in Sparkle — one that could leave your system open to hackers.

The issue is that when an app checks for updates, it uses an unencrypted HTTP channel that can be hijacked. The vulnerability affects both OS X Yosemite and OS X El Capitan. Here’s a proof-of-concept in action:

Sparkle has already released a patch for their updater framework, but it’s still up to the individual app developers to update the versions of Sparkle used in their apps. In other words, the vulnerability only exists in apps using old versions of Sparkle.

So what should you do? First, check this list of apps using Sparkle and see if you have any of them installed on your system. If not, you’re clear and have nothing to worry about.

Otherwise, if you’re really paranoid, you should uninstall every Sparkle-based app you have until they release updated versions. The Sparkle security fix was released on February 4, so look for app updates that came out after that day.

If you aren’t so paranoid, then you can keep them installed but make sure you don’t connect to any unsecured Wi-Fi networks or public Wi-Fi networks as that’s how someone would take advantage of the vulnerability.

Do you have any Sparkle-based apps on your system? How often do you connect to unsecured or public Wi-Fi? Tell us about your wireless habits in the comments below!

Image Credit: MacBook by Marco Prati via Shutterstock

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Best Anonymity Tools
Best Anonymity Tools
920 Members
Hacktivist Talk (We Won't Help U Hack!!!)
Hacktivist Talk (We Won't Help U Hack!!!)
750 Members
Windows Tips
Windows Tips
678 Members
Online Security Tips
Online Security Tips
412 Members
Tips for Privacy Obsessed
Tips for Privacy Obsessed
401 Members
New Security Breaches
New Security Breaches
234 Members
Mac OS X & Software
Mac OS X & Software
172 Members
Mac Troubleshooting
Mac Troubleshooting
116 Members
Apple Hardware Discussion
Apple Hardware Discussion
106 Members
Affiliate Disclamer

This article may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
New comment

Please login to avoid entering captcha

Log In