Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.
The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.
A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.
The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:
- Camtasia 2 (v2.10.4)
- DuetDisplay (v220.127.116.11)
- uTorrent (v1.8.7)
- Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.
If you want to see the full list of apps that could be vulnerable to MiTM attacks, there is a list of apps that use Sparkle, here. It’s important to note, however, that not all of these apps communicate over insecure HTTP networks, nor do they all use the same (vulnerable) version of Sparkle.
The popular chat client Adium, for instance, uses Sparkle but communicates over HTTPS.
If you’re running an app that could be vulnerable, the best thing to do is update it immediately. That said, end users have no real way of knowing what is vulnerable and the problem might not necessarily be solved with an update if the update still features HTTP communication and a vulnerable version of Sparkle.
Good luck out there.