Applications using Sparkle #717
Comments
AirParrot 2 |
AccountEdge Pro |
DiskMaker X |
0 Adium.app |
Ones not mentioned already:
|
More apps: Bitcasa |
More: Marked 2 |
Um, so an application using Sparkle is an Issue? Why? I understand that some applications that use Sparkle use it insecurely, but not all do. Tunnelblick, for example, uses https: for all Sparkle traffic. |
@jkbullard No, you're right. Also, this thread is not related to the recent vulnerability |
Not yet mentioned:
|
Not mentioned as of this writing:
|
CD Spin Doctor (from Toast Titanium 10 app collection). Is anyone building a list of apps that use HTTP vs HTTPS, related to the MITM vulnerability? |
Adium.app |
Divvy |
HandBrakeBatch |
@thotha I am currently unaware of Little Snitch. I am just repeating what the VLC 2.2.2 release notes claimed: " |
I hope the following information is helpful for users here and elsewhere who are concerned about the MITM bug in the Sparkle framework. The following example can be used for applications which do not have a setting to turn off automatic backup! If such a setting does exist, it is preferred to use that setting instead! Here is some feedback from the developer of LaunchControl and BackupLoop, Robby Phälig. |
120! on my Mac. 8-Bitty Controller for OSX |
HoudahSpot: Advanced file search. Recent versions use HTTPS for appcast and release notes. |
I am adding PowerPhotos to the list. |
CloudApp |
iReal Pro's tech support checked with the developers: The newest version, from this week (iReal Pro 7.0), uses the newest version of Sparkle and is thus safe to auto update. |
@domelias That's right, you can enable auto-updating once the application has been patched. |
THESE APPLICATIONS HAVE BEEN OFFICIALLY PATCHED: App Cleaner |
@thotha I have tested the claims of VLC being patched and have realized that VLC still uses an HTTP connection in v2.2.2 and is therefore still unsafe. VLC is STILL vulnerable! |
Apps That Have Claimed to Have Been Patched: AppCleaner: BetterTouchTool: DetectX: Fitbit Connect: Fitbit Connect: Flux: Malwarebytes Anti-Malware: Malwarebytes Anti-Malware: TeamViewer: Transmit: VLC: |
My apps which use Sparkle: all current versions use https for updating |
I updated GraphicConverter 9 and CADintosh today. |
5KPlayer - http://www.5kplayer.com |
@jakepetroules thanks for the terminal command. I always have 'Malwarebytes Anti-Malware' twice. I found why with the cmd: Malwarebytes Anti-Malware.app |
If you don't like to use Terminal, DetectX version 2.14 and above lists the apps using Sparkle with/out https. |
Thank you @TraderStf that was very helpful. |
Any updates on..? .Knock Thanks in advance! |
How about the apps Arthur, Viscosity, ClipMenu? |
Not obviously vulnerable (current stable version only)
Could be vulnerable / unreachable appcast
|
Sparkle for the MacOS Application TeXShop has the suboptimal habit of accumulating what appear to be old versions of TeXShop in a folder /Users/username/Library/Application Support/TeXShop/.Sparkle (where "username" is a placeholder). In my case, these (40!) old versions unnecessarily occupy a total of ~3.5GB. IMHO, this state of affairs should be optimised (at most 3 old versions should be kept). |
@simonkramer The accumulation of copies in application support has been fixed a while ago. It'll stop happening when the app updates to the current version of Sparkle. |
@Kosmic-Halo Malwarebytes v1.2.4.584 has been patched!!!!! |
The syncthing-macos project uses Sparkle |
Edit: this issue has nothing to do with security. Applications are listed here just because they use Sparkle and we think they're cool.
Sparkle website lists some Mac apps that use the framework, but this list has been compiled a while ago.
Edit: thanks for your suggestions! We've got a long list!
Here's my list: