mac “Huge” number of Mac apps vulnerable to hijacking, and a fix is elusive

[the.fire.bird]

A vulnerability is discovered in a large number of Mac OS X apps . A hacker on the same network can inject malicious code using man in the middle attack.

 

 

Quote

The Next Web:

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

Quote

Ars Technica: 

Camtasia, uTorrent, and a large number of other Mac apps are susceptible to man-in-the-middle attacks that install malicious code, thanks to a vulnerability in Sparkle, the third-party software framework the apps use to receive updates.

The vulnerability is the result of apps that use a vulnerable version of Sparkle along with an unencrypted HTTP channel to receive data from update servers. It involves the way Sparkle interacts with functions built into the WebKit rendering engine to allow JavaScript execution. As a result, attackers with the ability to manipulate the traffic passing between the end user and the server—say, an adversary on the same Wi-Fi network—can inject malicious code into the communication. A security engineer who goes by the name Radek said that the attack is viable on both the current El Capitan Mac platform and its predecessor Yosemite.

Here's a video showing a proof-of-concept attack performed against a vulnerable version of the Sequel Pro app:  Sequel Pro - RCE vulnerability

 

A comment in the Ars Technica article: 

Quote

Here's how to list all apps that use Sparkle on your system, and what version they are using:

find /Applications -path '*Autoupdate.app/Contents/Info.plist' -exec echo {} \; -exec grep -A1 CFBundleShortVersionString '{}' \; | grep -v CFBundleShortVersionString

You're looking for versions prior to 1.13.1 (as per https://github.com/sparkle-project/Sparkle/releases). These are vulnerable if they are set to load any assets over unsecured HTTP. Perhaps someone else can chine in on where those URLs can be found.

Sources: Ars Trchnica  , The Next Web 

 

Opinion : No matter how secure your OS is 3rd party softwares can always make your system vulnerable. Mac and Linux are not foolproof.

 

[xunil]

This is why I hate people who say, "There are never malicious attacks on Mac, because you can't exploit it." It just flat out isn't true, hope they get this patched.

[linuxfan66]

4 hours ago, xunil said:

This is why I hate people who say, "There are never malicious attacks on Mac, because you can't exploit it." It just flat out isn't true, hope they get this patched.

a third party framework being the trigger is important to note in addition. so even if OS X was 100% secure by itself(it obviously isn't). The presence of third party code can always compromises that.