Re: Sparkle updater check vulnerability script
  • Subject: Re: Sparkle updater check vulnerability script
  • From: 2551phil <email@hidden>
  • Date: Fri, 12 Feb 2016 10:13:17 +0700


On 12 Feb 2016, at 03:41, Yvan KOENIG <email@hidden> wrote:

> Oops
>
> I forgot a piece of the code.

Yes, I was about to post that 1.54 is missing out some apps on my system.

> Here is an enhanced one which analyses more deeply the use of appcast.

1.55 doesn’t work properly here. It’s throwing up things that are not insecure. I think that’s because the logic of the script in 1.54 and 1.55 has changed. An app shouldn’t be added to the ‘vulnerable’ variable simply because it doesn’t use 1.13.1. As I’ve repeatedly said, even 1.5b is safe if both the appcast and the release notes are https. As I also said early on, some apps will have to remain on 1.5b simply because they can’t update and maintain support for Snow Leopard.

Theoretically, one could get the appcast url and then call CURL on it via a do shell script and examine that for https/http calls to the release notes, but there’s a point where the work becomes greater than the potential threat (see Shane’s last post, which I agree with entirely).

For the time being I’m happy sticking with v1.52 of the script as that’s the most reliable and gives me a reasonable indicator of which apps need updating.  


Best


Phil
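
The check discussed in this message, as an added Python example that is not part of the original post or of the script versions in the thread: it flags an app only when the appcast feed or a release notes link is fetched over plain http, whatever Sparkle version the app bundles. It assumes the feed URL has already been read from the app's `SUFeedURL` Info.plist key; the appcast, URLs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# XML namespace used by Sparkle appcast elements such as releaseNotesLink.
SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"

# Constructed sample appcast (not from a real app): the newest item links
# its release notes over http, the older one over https.
SAMPLE_APPCAST = """<rss version="2.0"
     xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle">
  <channel>
    <title>Example App</title>
    <item>
      <title>2.1</title>
      <sparkle:releaseNotesLink>http://updates.example.com/notes/2.1.html</sparkle:releaseNotesLink>
    </item>
    <item>
      <title>2.0</title>
      <sparkle:releaseNotesLink>https://updates.example.com/notes/2.0.html</sparkle:releaseNotesLink>
    </item>
  </channel>
</rss>"""


def is_https(url):
    """True only when the URL's scheme is https (case-insensitive)."""
    return urlparse(url.strip()).scheme.lower() == "https"


def insecure_urls(feed_url, appcast_xml):
    """Return (kind, url) pairs for each non-https URL in the update path."""
    findings = []
    if not is_https(feed_url):
        findings.append(("appcast", feed_url))
    root = ET.fromstring(appcast_xml)
    for link in root.iter("{%s}releaseNotesLink" % SPARKLE_NS):
        url = (link.text or "").strip()
        if url and not is_https(url):
            findings.append(("release notes", url))
    return findings


if __name__ == "__main__":
    feed = "https://updates.example.com/appcast.xml"  # constructed feed URL
    for kind, url in insecure_urls(feed, SAMPLE_APPCAST):
        print(f"{kind}: {url}")
```

An empty result means both transports are https, which is the condition under which the message treats an older Sparkle as safe.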

