The vulnerability is not in code signing itself. As a result, I have found a vulnerability which allows an attacker take control of another computer on the same network (via MITM). This short weekend research revealed that we have many insecure applications in the wild. Lately, I was doing research connected with different updating strategies, and I tested a few applications working under Mac OS X. ![]() A Man In The Middle attack works when a third party intercepts traffic between a user and another server and then captures and modifies that traffic from the user. The Sparkle vulnerability could allow for an attacker to take control of another computer on the network via a Man In The Middle attack, security researcher Radek points out on his blog. The attack applies to both OS X Yosemite and El Capitan (via Ars Technica). Apps susceptible to this hijacking hack include Camtasia, uTorrent, DuetDisplay, and Sketch. For those unfamiliar, Sparkle is a tool used often by third-party apps that are not in the App Store to allow updates to be pushed to users. ![]() A new vulnerability in Sparkle has put a “huge” number of Mac applications at risk for hijacking.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |