Archive for February, 2016

Auto-Update Vulnerability in Sparkle

Wednesday, February 10th, 2016

A security vulnerability has been found in Sparkle, the framework used by many Mac applications to check for and download software updates automatically. Full details are at:

http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/

While some of our applications (like HistoryHound) are using older versions of the Sparkle framework at the moment, they all use encrypted HTTPS connections to check for and download updates, so there’s no chance of a man-in-the-middle attack, as described in the report.

So you can safely leave automatic update checking turned on in all of our products – it’s being done safely.

– Jon
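The HTTPS check described above can be repeated for any Sparkle-based app. The following is an added example, not code from this post: it reads the feed location from an app's Info.plist (`SUFeedURL` is the key Sparkle uses) and then lists any plain-HTTP URLs the appcast itself points to. The plist, appcast, host names and function names are constructed for illustration.

```python
import plistlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"

# Constructed sample inputs (not taken from any real application).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>ExampleApp</string>
  <key>SUFeedURL</key><string>https://updates.example.com/appcast.xml</string>
</dict></plist>"""

SAMPLE_APPCAST = """<rss version="2.0" xmlns:sparkle="%s"><channel>
  <item>
    <title>Version 2.0</title>
    <sparkle:releaseNotesLink>http://updates.example.com/notes/2.0.html</sparkle:releaseNotesLink>
    <enclosure url="https://updates.example.com/ExampleApp-2.0.zip"
               sparkle:version="2.0" type="application/octet-stream"/>
  </item>
</channel></rss>""" % SPARKLE_NS

def is_https(url):
    return urlparse(url.strip()).scheme.lower() == "https"

def audit_info_plist(plist_bytes):
    """Return (feed_url, ok); ok is True only when SUFeedURL exists and is HTTPS."""
    feed = plistlib.loads(plist_bytes).get("SUFeedURL")
    return feed, bool(feed) and is_https(feed)

def audit_appcast(appcast_xml):
    """Return every non-HTTPS URL an appcast would make the updater fetch."""
    urls = []
    for item in ET.fromstring(appcast_xml).iter("item"):
        # Download location of the update archive.
        urls += [e.get("url", "") for e in item.iter("enclosure")]
        # Release notes page shown to the user before installing.
        urls += [(n.text or "") for n in item.iter("{%s}releaseNotesLink" % SPARKLE_NS)]
    return [u for u in urls if not is_https(u)]

if __name__ == "__main__":
    feed, ok = audit_info_plist(SAMPLE_PLIST)
    print("feed:", feed, "HTTPS" if ok else "NOT HTTPS")
    for url in audit_appcast(SAMPLE_APPCAST):
        print("insecure URL in appcast:", url)
```

In the constructed sample the feed passes, but the release notes link is flagged, which is why the appcast contents are checked as well as the feed URL.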
