Only when application was compiled on OSX 10.11 El Capitan, it's not available in previous versions.
I know that it's hard to believe but yes, they do. It's just a one of two vulnerabilities in that case to be clear.
With this updating process when the update process itself is vulnerable is "tricky", I know but you can avoid those nasty things by: 1) Using secure and let's say trusted VPN and then all your connections are going to…
That's totally true but, WebView allows to execute unsafe handlers like 'file://', 'ftp://'. As a result in the worst case scenario when appcast webserver was compromised then you don't need a private DSA key (which I…
List of vulnerable applications is here - https://github.com/sparkle-project/Sparkle/issues/717
Only when application was compiled on OSX 10.11 El Capitan, it's not available in previous versions.
I know that it's hard to believe but yes, they do. It's just a one of two vulnerabilities in that case to be clear.
With this updating process when the update process itself is vulnerable is "tricky", I know but you can avoid those nasty things by: 1) Using secure and let's say trusted VPN and then all your connections are going to…
That's totally true but, WebView allows to execute unsafe handlers like 'file://', 'ftp://'. As a result in the worst case scenario when appcast webserver was compromised then you don't need a private DSA key (which I…
List of vulnerable applications is here - https://github.com/sparkle-project/Sparkle/issues/717