So just to recap, the problem exists in a single piece of software that is included in countless Mac apps. I would also advise that you read the release notes for updates on all your apps to ensure they have, in fact, addressed the Sparkle issue. This will greatly reduce the risk of a potential attack and will allow you to update your apps to versions that use a patched copy of Sparkle. (The other threats are files I know are on my Mac and I know what they do, and AVG considers them a threat on the average system)įor your scenario, I would advise ensuring that you update these apps on a trusted network, preferably wired with nobody else on the network. The majority of said threats were uninfected apps that use a vulnerable version of Sparkle to update themselves. I recently scanned my Mac and was alerted to over 200 threats. The reason AVG is alerting you to this as a threat is, while the framework is not actually infected, it would appear that many of the apps on your Mac use a version of Sparkle that has this flaw. The flaw in the framework makes it possible for an adversary to execute a man-in-the-middle attack and, as opposed to simply updating the app, can allow said adversary to install other software, such as a virus, trojan, etc. A recent vulnerability was discovered in an outdated version of the framework that could compromise apps using it. Sparkle is a popular framework for OS X apps which enable the developer to easily handle app updates in-app without the hassle of forcing the user to visit the website, download the latest version, re-install, etc. Allow me to go a bit more in depth for you.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |