
This article was published on February 10, 2016


Your Mac could be vulnerable to attack through these popular apps
Story by Kirsty Styles, Reporter

Kirsty Styles is a journalist who lives in Hackney. She was previously editor at Tech City News and is now a reporter at The Next Web. She loves tech for good, cleantech, edtech, assistive tech, politech (?), diversity in tech.

Security researchers have identified a flaw in older versions of the software updater Sparkle, used by certain iterations of Mac apps like uTorrent, Camtasia and Sketch, that leaves them vulnerable to man-in-the-middle attacks.

Attackers can exploit the vulnerability in apps that both use the identified versions of Sparkle and send and receive updates over an unencrypted HTTP channel, which lets them install malicious code on your machine.

This would typically be done over an unsecured Wi-Fi network, and the researchers found this is the case even if you’re using the latest version of Mac OS.

A confirmed list of vulnerable apps seen by Ars Technica includes Camtasia 2 v2.10.4, uTorrent v1.8.7, Sketch v3.5.1 and DuetDisplay v1.5.2.4, but one of the researchers said the numbers affected could be “huge.”

Although tens of Mac apps use Sparkle, those in question have to both use an old, vulnerable version (prior to v1.13.1) and load assets over unencrypted HTTP.

For those with some tech know-how, a commentator has written a quick how-to to help you identify those apps that could be affected.

[Screenshot. Credit: Ars Technica / ryanr]
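The two conditions above (Sparkle older than 1.13.1 and an HTTP update channel) can be checked per app bundle. The following is an added example, not the commenter's how-to or code from the article; it assumes the bundled framework reports its version in `CFBundleShortVersionString` and that the app declares its update feed as `SUFeedURL` in its own `Info.plist`.

```python
import plistlib
import re
from pathlib import Path

FIXED = (1, 13, 1)  # the article: Sparkle versions prior to 1.13.1 are affected


def read_plist(path):
    """Parse a plist file; return {} if it is missing or malformed."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:
        return {}
    return data if isinstance(data, dict) else {}


def parse_version(text):
    """'1.5.0 git-abc' -> (1, 5, 0); None when there is no leading number."""
    m = re.match(r"\d+(?:\.\d+)*", str(text or ""))
    return tuple(int(p) for p in m.group().split(".")) if m else None


def audit_app(app):
    """Return a finding for one .app bundle, or None if it has no Sparkle."""
    contents = Path(app) / "Contents"
    framework = contents / "Frameworks" / "Sparkle.framework"
    if not framework.is_dir():
        return None
    # Assumption: the framework's own Info.plist carries its version.
    shown = read_plist(framework / "Resources" / "Info.plist").get(
        "CFBundleShortVersionString")
    version = parse_version(shown)
    # Assumption: the update feed is declared as SUFeedURL in the app's plist.
    feed = str(read_plist(contents / "Info.plist").get("SUFeedURL", ""))
    old = version is None or version < FIXED  # unknown version counts as old
    http_feed = feed.lower().startswith("http://")
    return {"app": Path(app).name, "sparkle": shown, "feed": feed,
            "old_sparkle": old, "http_feed": http_feed,
            "at_risk": old and http_feed}


def audit_dir(root="/Applications"):
    """Audit every top-level .app bundle under root."""
    found = (audit_app(p) for p in sorted(Path(root).glob("*.app")))
    return [f for f in found if f]


if __name__ == "__main__":
    for f in audit_dir():
        print("AT RISK" if f["at_risk"] else "ok     ", f["app"],
              f["sparkle"], f["feed"] or "(no SUFeedURL in Info.plist)")
```

An empty feed in the output means the app does not declare its update URL in `Info.plist`, so this check cannot tell which channel it uses; an HTTPS feed that still loads other assets over HTTP is also outside what it sees.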

Essentially, the app owners have to update the Sparkle software inside their app and work out how to use the secure HTTPS protocol instead of HTTP to fix the problem.

Just remember, no matter what people think, Macs can be hacked and third-party software can often be the weak link.

“Huge” number of Mac apps vulnerable to hijacking, and a fix is elusive [Ars Technica]