Using a Mac-operated computer provides you with several advantages. People consider buying Mac-operated devices for the high end performances, classy finish and relatively higher security features.
However, as per one of the latest threats reveals, Mac users have a significant potential to be vulnerable from thousands of third party apps pertaining to the Sparkle framework.
Most Mac users won’t immediately recognize Sparkle and so may quickly dismiss it.
However, before you do so, Sparkle is a framework which is widely used within Mac OSX by thousands of app developers.
This is open source (free to use) software developed by Sparkle Project for app developers to provide manual and automated updates in the background for widely used third party software like µTtorrent, Camtasia Duet Display and Sketch.
The main risk of this particular loophole is that it makes you open to MitM or MITMA attacks (man in the middle attacks).
When you are under a MitM attack, your communications via the Internet can be exposed to someone else in the middle without your knowledge.
When your Mac device starts to update any software that uses Sparkle, since your communication with the update server is exposed to a third person you do not know, they can insert harmful code and gain full control of your computer system putting your privacy at major risk.
This 28 second video show how it is possible, in terms of misconfiguration provided with the Sparkle Updater framework.
If you are currently running one or more of the below mentioned apps in your Mac, you might be under a potential risk of being attacked.
Applications using Sparkle is a user generated listed of those apps that use Sparkle to perform software updates.
IMPORTANT: Not all apps are vulnerable. Some apps were originally programmed with security in mind. Some apps developers have already updated their software effectively removing this vulnerability.
Each app is separately affected by this vulnerability. Here are the steps to determine which of your apps are using Sparkle as well as what version of Sparkle (code credit goes to HipsterPixel.co):
find /Applications -name Sparkle.framework | sed 's,/Applications/\(.*\)\.app/Resources/Info.*,\1,'|while read fname; do
appname=$(echo $fname | sed -e 's/\/Contents\/Frameworks\/Sparkle\.framework//g' | sed -e 's/\/Applications\///g')
version="$(defaults read "$fname/Resources/Info" CFBundleShortVersionString)"
echo "$appname => $version"
You will have a response similar to the following:
(computer name was blurred for privacy of customer)
Notice this customer as two apps that use Sparkle. The BetterTouchTool is using Sparkle version 1.13.1 while the MacID is using 1.11.1. The MacID in this example is potentially vulnerable until it is updated to 1.13.1 or more recent.
After seeing the problem, the Sparkle Project developers are very passionate about their work and have taken measures to fix this problem on their end with Sparkle version 1.13.1+.
Their newest version claims to have fixed all the bugs, but installing the patch may not be the easiest task.
From the app developers’ point of view, the app developer needs to download the latest version of Sparkle and make their app 100% compatible with the new Sparkle framework.
From the users’ perspective, concerning the protection, you need to download the latest version of your apps and use it.
By any chance, if you are prompted to perform an update, it is better to avoid it and directly download the latest version from the official website. It will make sure that you end-up with the expected result other than getting misdirected.