The existence of the vulnerability simply means that it is possible for an attacker to compromise your Mac while you are updating an app that uses a vulnerable version. It does not mean that you will be compromised. Additionally, I would like to point out that the Sparkle vulnerability does NOT compromise your Mac or the applications using it during normal usage. At least, in the instance of VLC you show in the screenshot, you are not infected with malware, you simply have a vulnerable app on your Mac. So every instance of Sparkle on your computer (that is, in almost every app on your Mac), AVG will list it as a potential threat. So just to recap, the problem exists in a single piece of software that is included in countless Mac apps. I would also advise that you read the release notes for updates on all your apps to ensure they have, in fact, addressed the Sparkle issue. This will greatly reduce the risk of a potential attack and will allow you to update your apps to versions that use a patched copy of Sparkle. (The other threats are files I know are on my Mac and I know what they do, and AVG considers them a threat on the average system) For your scenario, I would advise ensuring that you update these apps on a trusted network, preferably wired with nobody else on the network. The majority of said threats were uninfected apps that use a vulnerable version of Sparkle to update themselves. I recently scanned my Mac and was alerted to over 200 threats. The reason AVG is alerting you to this as a threat is, while the framework is not actually infected, it would appear that many of the apps on your Mac use a version of Sparkle that has this flaw. The flaw in the framework makes it possible for an adversary to execute a man-in-the-middle attack and, as opposed to simply updating the app, can allow said adversary to install other software, such as a virus, trojan, etc.
A recent vulnerability was discovered in an outdated version of the framework that could compromise apps using it. Sparkle is a popular framework for OS X apps which enables the developer to easily handle app updates in-app without the hassle of forcing the user to visit the website, download the latest version, re-install, etc. Allow me to go a bit more in depth for you.
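An inventory check that follows from the advice above, as an added example that is not part of the original answer: it lists every app bundle that ships its own copy of Sparkle, the bundled framework version, and whether the app's update feed (Sparkle's `SUFeedURL` Info.plist key) is plain HTTP, which is the case a man-in-the-middle can tamper with. The page does not name the patched Sparkle release, so the `patched` threshold is an assumption the caller must supply from the Sparkle release notes; the function and field names are hypothetical.

```python
import plistlib
import sys
from pathlib import Path


def _read_plist(path):
    """Return the plist at `path` as a dict, or {} if missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
        return data if isinstance(data, dict) else {}
    except Exception:  # missing file, malformed XML, or unknown plist format
        return {}


def _version_tuple(text):
    """'1.13.1' -> (1, 13, 1); non-numeric components count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in str(text).split("."))


def find_sparkle_apps(patched, root="/Applications"):
    """Describe every .app under `root` that bundles Sparkle.framework.

    `patched` is the first fixed Sparkle version. It is caller-supplied
    because the page does not state it.
    """
    findings = []
    pattern = "**/*.app/Contents/Frameworks/Sparkle.framework"
    for fw in sorted(Path(root).glob(pattern)):
        app = fw.parents[2]  # Sparkle.framework -> Frameworks -> Contents -> X.app
        # Resources is normally a symlink into Versions/A; try both layouts.
        fw_info = (_read_plist(fw / "Resources" / "Info.plist")
                   or _read_plist(fw / "Versions" / "A" / "Resources" / "Info.plist"))
        version = fw_info.get("CFBundleShortVersionString", "unknown")
        feed = str(_read_plist(app / "Contents" / "Info.plist").get("SUFeedURL", ""))
        findings.append({
            "app": app.name,
            "sparkle_version": version,
            "feed_url": feed,
            # An unencrypted feed can be altered in transit during an update.
            "insecure_feed": feed.lower().startswith("http://"),
            # Unknown versions are treated as unpatched until checked by hand.
            "older_than_patched": version == "unknown"
            or _version_tuple(version) < _version_tuple(patched),
        })
    return findings


if __name__ == "__main__":
    # Usage: python3 sparkle_inventory.py <first-patched-version> [root]
    for item in find_sparkle_apps(sys.argv[1], *sys.argv[2:3]):
        print(item)
```

An app flagged on either field is one to update over a trusted network and to check against its release notes, as described above.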