Skip to main content
  1. Home
  2. Computing
  3. News

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

A bunch of Mac apps are reportedly easy to hack, and the solution is taxing

Gabe Carey
By

apple macbook 2016 news rumors version 1454155228 header
Szefei/123RF
Last week, “insane and plain weird” programmer Radek published an article on his blog that uncovered an oddly contained secret about the Mac OS X operating system. In his research, he discovered that the Sparkle update system used in a number of popular Mac applications, such as VLC media player, uTorrent, and Camtasia, fail to use the secure HTTPS protocol, instead opting for the much more vulnerable HTTP.

The unencrypted path makes it easy for hackers to take exploit traffic between the user and the server in both man in the middle and remote command execution attacks. Because of the way Sparkle allows for JavaScript execution by means of WebKit rendering, Radek says the attacks could leave users of both El Capitan and Yosemite at risk.

Related: MacPaw CleanMyMac 3 Free Trial

Recommended Videos

Moreover, if you’re wondering what an attack like this would look like it action, you’re in luck, as Radek took the time to shoot a video of exactly that:

Related

Another researcher, Simone Margaritelli, expanded on to Radek’s discoveries by writing out some frighteningly easy-to-follow instructions as to how you, too, can perform an attack like this using the Metasploit exploit framework. The example he used was none other than the indisputably best media player in the universe, VLC.

While it’s presently unclear just how many apps this could affect, Radek went with the rough approximate count of “huge.” What we do know is that included in this list is Camtasia 2 v2.10.4, DuetDisplay v1.5.2.4, uTorrent v1.8.7, and Sketch v3.5.1. Computer forensics expert Jonathan Zdziarski added that the Hopper reverse engineering tool and DXO Optics Pro are also at risk, according to Ars Technica.

There’s even an extensive list of apps that utilize Sparkle, in case you were wondering, though not every single one of them operates over HTTP or take advantage of a susceptible framework.

To make things worse, Radek said that another Sparkle vulnerability also persist, albeit with less severity. By letting an assailant replace a standard update file with something a little more harmful, it can also be exploited in an aggression against the update servers.

While there is a solution to both vulnerabilities, neither is simple. In fact, Zdziarski reports that at least one developer is struggling to convert its app’s update servers to the more secure HTTPS channel configuration. Until every last one of them does, however, no one is safe.

Editors' Recommendations

Topics
Gabe Carey
Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…
Get this Asus laptop with a year of Microsoft Office for $199
asus vivobook go laptop deal amazon march 2024 lifestyle

You don't need to spend several hundreds of dollars on a new laptop that you'll use as a productivity tool because there are budget-friendly options like the Asus Vivobook Go L510MA. It's actually currently even cheaper from Walmart after an $80 discount, which brings its price down to just $199 from $279 originally. There's no telling how much time is remaining before the offer expires though, so if you want to take advantage of it, you're going to have to proceed with the purchase as soon as possible.

Why you should buy the Asus Vivobook Go L510MA
For a laptop that will be able to handle basic activities like doing online research, building reports, and browsing social media, you can't go wrong with the Asus Vivobook Go L510MA. It's equipped with the Intel Pentium Silver N5030 processor and 4GB of RAM, which are a far cry from the specifications of the best laptops, but it will be enough for simple tasks. The device also comes with a 15.6-inch screen with Full HD resolution, which is pretty large and sharp for its price, but it's still portable as it only weights about 3.5 pounds with a thickness of just 0.72 of an inch.

Read more
These are the 10 best gaming PCs I’d recommend to anyone
Graphics card in the CLX Hathor PC.

We review dozens of gaming PCs each year. In 2024, there are a ton of great options, but we've narrowed them down to a list of the 10 best gaming desktops that deserve your hard-earned money.

In 2024, we still recommend the Alienware Aurora R16 because of its fantastic design, solid performance, and decent value. However, there are several other options depending on your needs and budget. If you want a deeper look into how we evaluate gaming PCs, make sure to read about how we review desktops.

Read more
Samsung’s crazy 57-inch curved 4K monitor is $700 off today
The Samsung Odyssey Neo G9 57-inch mini-LED gaming monitor placed on a desk.

Your investment in gaming PC deals will  go to waste if you don't upgrade your screen, and if you're willing to splurge for the best possible gaming experience, you'll want to go for the 57-inch Samsung Odyssey Neo G9 curved gaming monitor. It's pretty expensive at its original price of $2,500, so you're going to want to take advantage of any discounts that are available. Fortunately, Samsung has slashed its price by $700 so it's down to $1,800 -- it's still not cheap, but once you're playing your favorite games on this monitor, you'll quickly understand why it's worth every single penny.

Why you should buy the 57-inch Samsung Odyssey Neo G9 curved gaming monitor
The Samsung Odyssey Neo G9 curved gaming monitor features a 57-inch screen with dual 4K Ultra HD resolution and a 1000R curvature, so it will fully immerse you in the worlds of the video games that you play with its lifelike details and vivid colors. It also supports HDR 1000 for better visual accuracy, and it uses Quantum Matrix technology for controlled brightness and improved contrast.

Read more