Mac Users Beware: A Bug in Sparkle Could Get You Hacked

Ads by Google

A lot of OS X applications use a framework called Sparkle to simplify automatic software updates for end users like you and me. Unfortunately, a recent vulnerability was spotted in Sparkle — one that could leave your system open to hackers.

The issue is that when an app checks for updates, it uses an unencrypted HTTP channel that can be hijacked. The vulnerability affects both OS X Yosemite and OS X El Capitan. Here’s a proof-of-concept in action:

Sparkle has already released a patch for their updater framework, but it’s still up to the individual app developers to update the versions of Sparkle used in their apps. In other words, the vulnerability only exists in apps using old versions of Sparkle.

So what should you do? First, check this list of apps using Sparkle and see if you have any of them installed on your system. If not, you’re clear and have nothing to worry about.

Otherwise, if you’re really paranoid, you should uninstall every Sparkle-based app you have until they release updated versions. The Sparkle security fix was released on February 4, so look for app updates that came out after that day.

If you aren’t so paranoid, then you can keep them installed but make sure you don’t connect to any unsecured Wi-Fi networks or public Wi-Fi networks as that’s how someone would take advantage of the vulnerability.

Do you have any Sparkle-based apps on your system? How often do you connect to unsecured or public Wi-Fi? Tell us about your wireless habits in the comments below!

Image Credit: MacBook by Marco Prati via Shutterstock

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Stay Incognito On The Web
Stay Incognito On The Web
938 Members
Windows Tips
Windows Tips
539 Members
Online Security Tips
Online Security Tips
407 Members
Hacktivist Talk
Hacktivist Talk
308 Members
Tips for Privacy Obsessed
Tips for Privacy Obsessed
288 Members
Mac OSX Tips & Issues
Mac OSX Tips & Issues
228 Members
New Security Breaches
New Security Breaches
197 Members
Mac Troubleshooting
Mac Troubleshooting
90 Members
Apple Hardware Discussion
Apple Hardware Discussion
71 Members
Affiliate Disclamer

This article may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
New comment

Please login to avoid entering captcha

Log In