OSX Sparkle Updater Vulnerability

sparkleThreat: OSX Sparkle Updater Vulnerability
Solution: Update OSX impacted software on a secure network until applicable software patches have been made.
URL: https://vulnsec.com/2016/osx-apps-vulnerabilities/ and https://www.evilsocket.net/2016/01/30/osx-mass-pwning-using-bettercap-and-the-sparkle-updater-vulnerability/

This is a pretty recent vulnerability that was found last Friday. Radek (a security researcher) found the vulnerability (or feature?) in the OSX Sparkle Updater that allowed it to use HTTP instead of HTTPS to receive updates. The use of HTTP makes all of the applications that depend on the Sparkle updater and HTTP vulnerable to man in the middle attacks (MITM). In addition Simone Margaritelli (another security researcher) developed a module for Bettercap to exploit the vulnerability. To bring things back to our chapter readings, I think Simone’s post is pretty squarely in the black hat hacker arena and Radek’s post tells enough about the exploit to bring it into the grey hat hacker realm.

At any rate, while this exploit can be used to severely compromise a system, it has severe limitations on availability to do so. The best protection from this vulnerability is to only update software on a secure network, where a MITM attack is unlikely to take place. In addition, with the smaller market share of OSX, it is less likely to be attacked except in target rich environments or for high value targets.

Who is Paul Darr?

Paul Darr has lived in California, Oregon, Colorado, and currently lives in San Antonio, Texas. Paul is also an Army Veteran, who has deployed to Iraq and Afghanistan. On the political spectrum Paul is a Libertarian that advocates fiscal responsibility and social tolerance. Paul is currently employed as an IT Manager and is a father of a handsome boy and beautiful daughter. In his free time Paul enjoys reading, using and modifying open source software, gaming, and several other geeky pursuits.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.