There’s a bug that could get your Mac OS X hacked. Most of Mac OS X’s applications use a framework called Sparkle. What Sparkle does is it simplifies automatic software updates for the end user. Unfortunately, Sparkle was spotted with a vulnerability that could leave your system open to hackers.
This happens when an app is checking for updates that uses unencrypted HTTP channel which can be hijacked. This vulnerability affects OS X Yosemite and OS X El Captain.
Here’s the vulnerability in action:
A patch for this bug has been released, however, it could take a while for the app developers to update the Sparkle used in their apps. This means that any app using an older version of Sparkle is vulnerable to this hack.
So how do you stay safe from this vulnerability?
The first thing you should do is to check this list of apps that are using Sparkle and see whether you have them installed on your system. If you don’t have them then you are clear and you have nothing to worry about.
If you do, then uninstall it and wait for the updated versions of the apps. Look for app updates that were released on February 4th and on-wards, since that was when the Sparkle security patch was released.
If however you are still paranoid then simply don’t connect your system to any unsecured or public WiFi, since that’s how someone would take advantage of your system.
Please share this with your friends so they don’t get hijacked.