OSX Sparkle Updater Vulnerability

Threat: OSX Sparkle Updater Vulnerability
Solution: Update impacted OSX software only on a secure network until the applicable software patches are available.
URL: https://vulnsec.com/2016/osx-apps-vulnerabilities/ and https://www.evilsocket.net/2016/01/30/osx-mass-pwning-using-bettercap-and-the-sparkle-updater-vulnerability/

This is a pretty recent vulnerability that was found last Friday. Radek (a security researcher) found the vulnerability (or feature?) in the OSX Sparkle Updater that allowed it to use HTTP instead of HTTPS to receive updates. The use of HTTP makes every application that depends on the Sparkle updater over HTTP vulnerable to man-in-the-middle (MITM) attacks. In addition, Simone Margaritelli (another security researcher) developed a module for Bettercap to exploit the vulnerability. To bring things back to our chapter readings, I think Simone’s post is pretty squarely in the black hat hacker arena and Radek’s post tells enough about the exploit to bring it into the grey hat hacker realm.

At any rate, while this exploit can be used to severely compromise a system, the conditions under which it can be carried out are limited. The best protection against this vulnerability is to update software only on a secure network, where a MITM attack is unlikely to take place. In addition, given the smaller market share of OSX, it is less likely to be attacked except in target-rich environments or against high-value targets.
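A practical defender's check that follows from the two paragraphs above: Sparkle-based apps declare their update feed in the bundle's Contents/Info.plist under the SUFeedURL key, so an administrator can inventory which installed apps still fetch their appcast over plain HTTP (the MITM exposure described above) before deciding which machines to keep off untrusted networks. The script below is an added example, not code from the original post, from Sparkle, or from the researchers mentioned; the sample plists are constructed, and the scan_applications helper simply walks /Applications and reads each bundle's Info.plist.

```python
import os
import plistlib
from urllib.parse import urlparse

# Hypothetical check, written for this page. Sparkle reads its update feed
# location from the SUFeedURL key in the app bundle's Info.plist. A feed
# served over http:// can be rewritten by anyone on the network path, which
# is the MITM scenario the post describes, so every such app is worth a look.
SPARKLE_FEED_KEY = "SUFeedURL"


def feed_risk(feed_url):
    """Classify a Sparkle feed URL: 'https', 'http' (exposed to MITM) or 'other'."""
    scheme = urlparse(feed_url).scheme.lower()
    if scheme == "https":
        return "https"
    if scheme == "http":
        return "http"
    return "other"


def check_info_plist(plist_bytes):
    """Parse an Info.plist (XML or binary) and report on its Sparkle feed.

    Returns None when the app does not declare a feed (no SUFeedURL key),
    otherwise a dict with the bundle id, the feed URL and its risk class.
    """
    info = plistlib.loads(plist_bytes)
    feed_url = info.get(SPARKLE_FEED_KEY)
    if not feed_url:
        return None
    return {
        "bundle_id": info.get("CFBundleIdentifier", "<unknown>"),
        "feed_url": feed_url,
        "risk": feed_risk(feed_url),
    }


def scan_applications(app_dir="/Applications"):
    """Walk app bundles under app_dir and return findings for Sparkle apps."""
    findings = []
    for name in sorted(os.listdir(app_dir)):
        plist_path = os.path.join(app_dir, name, "Contents", "Info.plist")
        if not os.path.isfile(plist_path):
            continue
        with open(plist_path, "rb") as fh:
            try:
                result = check_info_plist(fh.read())
            except plistlib.InvalidFileException:
                continue  # not a valid plist; skip rather than abort the scan
        if result is not None:
            result["app"] = name
            findings.append(result)
    return findings


# Constructed sample plists standing in for installed apps (not real apps).
SAMPLE_HTTP_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.legacyapp</string>
  <key>SUFeedURL</key><string>http://updates.example.com/appcast.xml</string>
</dict>
</plist>
"""

SAMPLE_HTTPS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.patchedapp</string>
  <key>SUFeedURL</key><string>https://updates.example.com/appcast.xml</string>
</dict>
</plist>
"""

SAMPLE_NO_SPARKLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.nosparkle</string>
</dict>
</plist>
"""


if __name__ == "__main__":
    # Show the classification on the constructed samples, then scan the
    # local /Applications folder if it exists (it will on a Mac).
    for sample in (SAMPLE_HTTP_PLIST, SAMPLE_HTTPS_PLIST, SAMPLE_NO_SPARKLE_PLIST):
        print(check_info_plist(sample))
    if os.path.isdir("/Applications"):
        for finding in scan_applications():
            if finding["risk"] == "http":
                print("HTTP feed:", finding["app"], finding["feed_url"])
```

One caveat on the design: this only catches apps that put the feed URL in Info.plist. An app can also supply the feed from code through Sparkle's updater delegate, so a clean scan result is a good sign but not proof that every installed updater uses HTTPS.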
