As reported here (https://vulnsec.com/2016/osx-apps-vulnerabilities/) many OSX apps using the sparkle framework are vulnerable to a MITM attack when performing a system update.
The transmission servers already support HTTPS, so I think that all this requires is editing the info.plist to use HTTPS ...
Search found 1 match
- Sat Jan 30, 2016 12:25 pm
- Forum: Support
- Topic: Sparkle Updater framework vulnerability
- Replies: 0
- Views: 7803