Recently, there have been a number of reports about the vulnerability of a framework for updating Mac OS X called spark popular. The type of security problem associated with the recently discovered vulnerability is a man-in-the-middle attack; an attack that occurs when an attacker impersonates one side of a communication session.
The vulnerability recently discovered in Sparks has raised concerns in some OS X users on the applications that use the Sparkle framework, such as VyprVPN. We want to ensure that our users VyprVPN is not affected by the vulnerability Sparks man-in-the-middle attack. We have provided additional information below.
What is the spark and reported vulnerability?
Sparkle OS X commonly used framework used by applications not downloaded on the App Store for updates automatic applications. The spark vulnerability recently discovered is a man-in-the-middle attack types on the unsecured HTTP communication. Since the HTTP channel for Sparkle updates in plain language this means that the channel could be hijacked by an impersonator to deliver malicious code to users
What keeps users VyprVPN OS X safe from the vulnerability?
VyprVPN uses the Sparkle framework for automatic updates, but is affected by the vulnerabilities for the main reason that VyprVPN only uses HTTPS SSL secure channel for updates day spark . This layer of secure communication can not be diverted or personified in the same way that the unencrypted HTTP traffic.
Why MacOS X users are secured 10.11
Users of Mac OS X version 10.11 should also know that Apple introduced a feature called App Security Transport. This feature allowed connections through HTTP non-secure using the API NSURLConnection unless the developer explicitly stated in the field of application info.plist. Developers are strongly encouraged to use only HTTPS to access Web resources.
Like most HTTP uses are due to existing code, Mac users on until 10.11 and are generally protected against an unsecure Sparkle update in the sense that recovery usually on HTTP resources failure.
best practices to protect you
the best way to protect against this vulnerability and many others are using the latest production version of MacOS X and the latest production applications. Security flaws are detected and resolved by Apple and other software developers regularly. Using the latest versions of your software, you can avoid security holes that the bad guys already know.
If you have questions or concerns, please free to reach out to us support@goldenfrog.com!
0 Komentar