Mac tool vulnerability exposes lots of apps to man-in-the-middle attacks


A security specialist has discovered a flaw in Sparkle, a third-party framework that Mac apps use to receive updates, which makes a man-in-the-middle attack possible when unencrypted HTTP connections are used.

If the attacker has the ability to intercept the unencrypted data stream, for example on a public Wi-Fi hotspot, they could possibly inject malicious code.

The number of apps affected is unknown, but researchers believe there to be a significant number. Some of the known vulnerable apps are Camtasia 2 v2.10.4, DuetDisplay v1.5.2.4, uTorrent v1.8.7 and Sketch v3.5.1, as well as the Hopper reverse engineering tool and DXO Optics Pro, amongst many others.

However, not all apps that use Sparkle are susceptible; only those that use HTTP instead of HTTPS and use a vulnerable version of Sparkle are at risk. Sparkle has issued an update; however, the security specialist, Radek, who originally discovered the flaws, warns in an email that it is not a trivial process to apply it.

This process requires [a developer] to:

  • Download the newest version of Sparkle Updater
  • Check if new version of Sparkle is compatible with the app
  • Create some test cases, verify update and so on
  • Address this vulnerability and publish new version of the app

Now, this is the moment when people can check for an update and replace this particular app version on their Macs with the newest one.

It all depends on the complexity of an application, its size and maintainers. That’s the reason why some developers don’t want to update or can’t update Sparkle in their applications (quickly enough).
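
An added example (not from the original article or the Sparkle project): a Python check for the condition described above, an app that bundles Sparkle and fetches its update feed over plain HTTP. It assumes Sparkle's `SUFeedURL` Info.plist key and the usual framework path inside the bundle; the sample bundles, names and URLs are constructed. It reports the bundled Sparkle version without judging it, since the article does not name the fixed release.

```python
import plistlib
import tempfile
from pathlib import Path
from urllib.parse import urlparse

def classify_feed(info_plist: bytes) -> str:
    """Classify an app's Sparkle update feed from its Info.plist bytes."""
    info = plistlib.loads(info_plist)
    feed = info.get("SUFeedURL")          # Sparkle's appcast URL key
    if not feed:
        return "no-feed"                  # key absent (feed may be set in code)
    scheme = urlparse(str(feed).strip()).scheme.lower()
    if scheme == "https":
        return "https"
    if scheme == "http":
        return "http"                     # update feed fetched in cleartext
    return "other"

def audit_apps(root: Path) -> dict:
    """Map each .app bundle under root that embeds Sparkle to (verdict, version)."""
    results = {}
    for app in sorted(root.glob("*.app")):
        fw = app / "Contents/Frameworks/Sparkle.framework"
        plist = app / "Contents/Info.plist"
        if not fw.is_dir() or not plist.is_file():
            continue                      # app does not bundle Sparkle
        # Assumed location of the framework's own Info.plist
        fw_plist = fw / "Versions/A/Resources/Info.plist"
        version = None
        if fw_plist.is_file():
            version = plistlib.loads(fw_plist.read_bytes()).get("CFBundleShortVersionString")
        results[app.name] = (classify_feed(plist.read_bytes()), version)
    return results

def build_sample_tree(root: Path) -> None:
    """Constructed sample bundles (hypothetical names and URLs), not real apps."""
    samples = {"PlainFeed.app": "http://updates.example.com/appcast.xml",
               "TlsFeed.app": "HTTPS://updates.example.com/appcast.xml",
               "NoSparkle.app": None}
    for name, feed in samples.items():
        contents = root / name / "Contents"
        contents.mkdir(parents=True)
        (contents / "Info.plist").write_bytes(plistlib.dumps({"SUFeedURL": feed} if feed else {}))
        if feed:
            res = contents / "Frameworks/Sparkle.framework/Versions/A/Resources"
            res.mkdir(parents=True)
            (res / "Info.plist").write_bytes(plistlib.dumps({"CFBundleShortVersionString": "0.0.0-sample"}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for app, (verdict, version) in audit_apps(Path(tmp)).items():
            print(f"{app}: feed={verdict} sparkle={version}")
```

On a Mac, `audit_apps(Path("/Applications"))` runs the same check over installed apps.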

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

The Song of the Butterfly

While attending Everness Festival in Hungary we were invited by artist Istvan Sky Kék Ég to visit his Surya Sangíta Asram. There four beautiful souls met together and by improvising created the musical adventure you are witnessing now.
Music made by Collaboration of: Istvan Sky Kék Ég, Estas Tonne, Pablo Arellano, Indrė Kuliešiūtė.
Video made by Geri Dagys

More info about artists
Estas Tonne – http://estastonne.com
Pablo Arellano – http://pabloarellano.org
Istvan Sky Kék Ég – http://miracles.hu
Indrė Kuliešiūtė – http://facebook.com/kuliesiute.indre
Geri Dagys – http://abu2.com

my dreams

Seattle Dreams (Photo credit: Wikipedia)

these recent dreams are a bit different

i am in my old house, with the extra hut in the massive garden.

and i'm secretly seeing a girl, who's actually living in that house now, the one i moved out from.

i don't know,

that's all i remember so far

but it's a bit crazy

 

Lessons from a Shaman – Anlaranlamaz

A Powerful Habit I Learned From A Shaman

A few years ago, a shaman in Honduras taught me an extremely useful technique to dissolve stress and anxiety. It’s had a pretty profound effect on my life and today I’d like to share it with you.

Like much of the healing wisdom that comes from native cultures, this teaching began with an observation about nature.

http://anlaranlamaz.com/yazilar/lessons-from-a-shaman/

 

Wind

not every wind puts out a fire
sometimes the wind fans the fire into flame
as long as the fire is fed

one should not flee from every wind
sometimes the wind brings the sails to life
it pushes you in the direction you could not go
as long as you want to arrive somewhere

not every wind chills
from time to time the wind blows warm
that warm wind before the storm
is nature's warning
of the danger to come

and sometimes we run to the fires the wind has fanned
then we burn

and sometimes, after burning,
one must run toward the wind