OSX Sparkle Exploit

There's a lot of stuff going around about the OSX Sparkle Exploit….How to check stuff.

Plenty of stuff in the press today about a Sparkle Software Update leaving a Mac OSX machine open to
Man in the Middle attacks. Interesting stuff - you can read about it here:

Sparkle software updater leaves 'huge' number of Mac apps open to attack

Fortunately there's a pretty easy way to scan your system for Sparkle based apps, and get their version numbers. I believe anything below 1.13.1 is at risk from the exploit. You can scan your system to get versions of Sparkle apps using this command from Terminal:

find /Applications/ -path '*Sparkle.framework*/Info.plist' -exec echo {} \; -exec grep -A1 CFBundleShortVersionString '{}' \; | grep -v CFBundleShortVersionString

The output of that will show you the version numbers as well, and what apps you potentially have to address.

blog comments powered by Disqus