Mac Users Beware: A Bug in Sparkle Could Get You Hacked

Joel Lee 19-02-2016

A lot of OS X applications use a framework called Sparkle to simplify automatic software updates for end users like you and me. Unfortunately, a recent vulnerability was spotted in Sparkle — one that could leave your system open to hackers.


The issue is that when an app checks for updates, it uses an unencrypted HTTP channel that can be hijacked. The vulnerability affects both OS X Yosemite and OS X El Capitan.

Sparkle has already released a patch for their updater framework, but it’s still up to the individual app developers to update the versions of Sparkle used in their apps. In other words, the vulnerability only exists in apps using old versions of Sparkle.

So what should you do? First, check this list of apps using Sparkle and see if you have any of them installed on your system. If not, you’re clear and have nothing to worry about.

Otherwise, if you’re really paranoid, you should uninstall every Sparkle-based app you have until they release updated versions. The Sparkle security fix was released on February 4, so look for app updates that came out after that day.

If you aren’t so paranoid, then you can keep them installed but make sure you don’t connect to any unsecured Wi-Fi networks or public Wi-Fi networks as that’s how someone would take advantage of the vulnerability.
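As an added example (not from the original article or from the Sparkle project), this Python audit finds installed apps that bundle Sparkle and flags those whose update feed is plain HTTP. It assumes the app declares its feed in the `SUFeedURL` key of `Info.plist` and ships the framework at `Contents/Frameworks/Sparkle.framework`; the function names are hypothetical.

```python
import plistlib
import sys
from pathlib import Path
from urllib.parse import urlsplit


def read_plist(path):
    """Parse an XML or binary plist; return {} if missing or malformed."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
        return data if isinstance(data, dict) else {}
    except Exception:  # unreadable file, bad XML, bad binary plist
        return {}


def audit_app(app):
    """Return a finding for a bundle that embeds Sparkle, else None."""
    app = Path(app)
    framework = app / "Contents" / "Frameworks" / "Sparkle.framework"
    if not framework.is_dir():
        return None
    # Assumption: the feed is declared in Info.plist under SUFeedURL.
    info = read_plist(app / "Contents" / "Info.plist")
    feed = str(info.get("SUFeedURL", "")).strip()
    scheme = urlsplit(feed).scheme.lower()
    if scheme == "http":
        status = "INSECURE: update feed fetched over plain HTTP"
    elif scheme == "https":
        status = "feed uses HTTPS"
    else:
        status = "no SUFeedURL in Info.plist (feed may be set in code); check manually"
    # Report the bundled framework version so it can be compared with the app's release notes.
    fw = read_plist(framework / "Resources" / "Info.plist")
    version = fw.get("CFBundleShortVersionString") or fw.get("CFBundleVersion") or "unknown"
    return {"app": app.name, "feed": feed, "sparkle": str(version), "status": status}


def scan(roots):
    """Audit every top-level *.app under each root directory."""
    findings = []
    for root in roots:
        for app in sorted(Path(root).expanduser().glob("*.app")):
            result = audit_app(app)
            if result:
                findings.append(result)
    return findings


if __name__ == "__main__":
    roots = sys.argv[1:] or ["/Applications", "~/Applications"]
    for f in scan(roots):
        print(f"{f['app']}: Sparkle {f['sparkle']}: {f['status']} {f['feed']}")
```

The status only describes the feed URL; an app that reports an HTTPS feed may still bundle an old Sparkle, so compare the reported framework version against the app's own update notes.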


Do you have any Sparkle-based apps on your system? How often do you connect to unsecured or public Wi-Fi? Tell us about your wireless habits in the comments below!

Image Credit: MacBook by Marco Prati via Shutterstock
