Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server


  • Subject: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • From: 2551phil <email@hidden>
  • Date: Thu, 11 Feb 2016 21:10:24 +0700


On 11 Feb 2016, at 20:21, Yvan KOENIG <email@hidden> wrote:

I assume that they call it from the executable itself.


Yes, that’s true. I’ve been saying this since yesterday (but maybe on another list, not sure):

Some apps embed either or both the appcast url and the release feed url in the binary. One example is DriveDx, but there are others that I’ve been told about but have not confirmed.

For those apps, the only way I know to check is to put the binary in a text editor or use the command line tool (requires Xcode command line tools to be installed) ‘strings’ and to grep/search for ‘appcast’.

All of the information I’ve collated from both this list and cocoa-dev is in the blog post I linked to yesterday at:

http://applehelpwriter.com/2016/02/10/how-to-check-for-sparkle-vulnerability/



Best


Phil
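
The check described in the message above (searching an app's binary for ‘appcast’), as an added example that is not part of the original post. The function names and the sample URLs are constructed for illustration, and `grep -a` is used in place of `strings` so the Xcode command line tools are not needed.

```shell
#!/bin/sh
# Added example: find "appcast" URLs embedded in an app's executables and
# flag any that use plain HTTP. scan_appcast is a name chosen here.

scan_appcast() {
    bundle=$1
    dir="$bundle/Contents/MacOS"        # where a bundle keeps its main binary
    [ -d "$dir" ] || dir=$bundle        # otherwise scan the path given
    find "$dir" -type f | while IFS= read -r bin; do
        # grep -a reads the binary as text and -o prints only the match, so
        # this does the job of `strings | grep appcast` without Xcode tools.
        # [!-~] is printable non-space ASCII, so a match ends at the first
        # NUL or whitespace byte after the URL.
        LC_ALL=C grep -a -o -i -E 'https?://[!-~]*appcast[!-~]*' "$bin" 2>/dev/null |
        sort -u |
        while IFS= read -r url; do
            case $url in
                [Hh][Tt][Tt][Pp]://*) printf 'INSECURE\t%s\t%s\n' "$bin" "$url" ;;
                *)                    printf 'OK\t%s\t%s\n' "$bin" "$url" ;;
            esac
        done
    done
    return 0
}

# Build a constructed sample bundle (fake binary, made-up URLs) for a dry run.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/Demo.app/Contents/MacOS" &&
    printf '\0\001junk\0http://updates.example.invalid/appcast.xml\0pad\0https://secure.example.invalid/appcast.xml\0' \
        > "$d/Demo.app/Contents/MacOS/Demo" &&
    printf '%s\n' "$d/Demo.app"
}

if [ "$#" -gt 0 ]; then
    for app in "$@"; do scan_appcast "$app"; done
else
    sample=$(make_sample) && scan_appcast "$sample"
    rm -rf "${sample%/Demo.app}"
fi
```

Run it with one or more app bundle paths as arguments; with no arguments it scans the constructed sample. Lines marked INSECURE are appcast URLs fetched over plain HTTP.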