A Severe Security Flaw Affects A Ton Of Mac Apps, Here’s Why
The last couple of years haven't been great for Apple in security stakes. We saw a numerous amount of security flaws and loopholes on both mobile and desktop, which despite being patched over time, put a serious question mark over Cupertino's watertight claims in this department. Now it seems things are about to take a new turn on Cupertino's desktop platform - OS X - as a new security flaw has emerged, and it puts an alarming amount of Mac apps in the affected region.
A Third-Party Updater In A Ton Of Mac Apps Has A Major Security Flaw
The apps in question are affected due to a security flaw in a third-party updater (Sparkle Updater) which apps use to update themselves over the air. And surprisingly a lot of big name apps are in the crossfire, such as Sketch, uTorrent etc.
The security flaw, if utilized, allows a potential hacker to initiate a man in the middle attack, allowing them to install malicious code on a Mac, subsequently snooping through personal data if they so desire. Not pretty at all if you're asking us.
The discovery of this flaw was made by a security researcher who goes by the name Radek, reports Ars Technica:
If you think that is alarming enough, here's a demo of the flaw in action. It's a proof of concept, though.
The interesting thing here is that Sparkle Updater has already received an update itself, which of course, patches the security flaw. But the thing is, developers have to integrate that update within their apps in order to make things right again. And given that many apps utilize Sparkle, therefore it's very tough to gauge exactly how many apps are affected by this flaw. But if the report is to be believed, then a 'huge' number of apps are affected.
Let's just hope app developers are swift enough to incorporate the update in order to fix things right away. VLC did, at least.