
MBAM for Mac uses Sparkle network for update



A lot of Mac apps use Sparkle, an open source framework for updates.

The problem is that some vulnerabilities have now been discovered in Sparkle, which among other things would be vulnerable to a man-in-the-middle attack.

I have checked with the following code and MBAM for Mac is also listed.

find /Applications -name Sparkle.framework
/Applications/Malwarebytes Anti-Malware.app/Contents/Frameworks/Sparkle.framework
/Applications/Malwarebytes Anti-Malware.app/Contents/XPCServices/Malwarebytes Anti-Malware Service.xpc/Contents/Frameworks/Sparkle.framework

Sparkle Updater vulnerability puts 'huge' number of Mac apps at risk of hijacking:

http://9to5mac.com/2016/02/09/sparkle-vulnerability-os-x/

 

'Huge' Number of Mac Apps Open to hijacking From Sparkle Updater Vulnerability:

http://www.macrumors.com/2016/02/09/sparkle-hijacking-vulnerability/

Do you have any tips for MBAM for Mac user(s)?


  • Staff

We are aware of the issue, and are getting close to having an update that contains a fix ready for beta.

 

One thing that's important to understand about this particular issue, though, is that although it's definitely a serious issue, it's also rather difficult to exploit. Exploiting this vulnerability requires some very specific conditions to be fulfilled.

 

Admittedly, that could easily happen in a targeted attack, which is a very big concern and thus we're not minimizing the issue. However, the average user will never see an exploit of this particular vulnerability in any of the numerous apps that are listed as vulnerable.


  • Staff

By the way, it occurred to me that I left something out. We'll have an update coming out that will fix the problem, but how do you safely download the update? This is a good question for all Sparkle-using apps.

 

First, it should be noted that the Sparkle update mechanism is perfectly safe as long as you're on a safe network. For example, if you're on your home network, which should be encrypted with a password, or some other network that can be trusted, then there is no danger of a man-in-the-middle attack through Sparkle.

 

If you are on an untrusted wifi network (i.e., one with no password, or one in the control of an unknown individual), you really should always be using a VPN for anything you want kept secure. If that's not possible, though, you should click the Remind Me Later button when an update notice appears and defer the update until you're on a trusted network.

 

However, if you're really not willing to trust the update mechanism, when the update is available, you can just uninstall Malwarebytes Anti-Malware for Mac (choose the uninstall option from the Help menu within Malwarebytes Anti-Malware for Mac) and then download the update directly from here:

 

https://malwarebytes.org/antimalware/mac/

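An added example, not part of the original posts and not Malwarebytes' or Sparkle's own code: it extends the `find` check from the first post by reading, for every bundle that embeds Sparkle.framework, the bundled Sparkle version and the update feed's transport, since a feed fetched over plain http:// is the one a man-in-the-middle on an untrusted network can tamper with. It assumes Python 3 and that the feed is declared under Sparkle's `SUFeedURL` key in the host bundle's Info.plist; the function names are illustrative.

```python
import plistlib
import sys
from pathlib import Path
from urllib.parse import urlparse


def read_plist(path):
    """Return the plist at `path` as a dict, or {} if missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)  # accepts both XML and binary plists
    except Exception:  # missing file, bad header, malformed XML
        return {}
    return data if isinstance(data, dict) else {}


def classify_feed(url):
    """Map a feed URL to 'https', 'http', 'other' or 'unknown'."""
    if not url:
        return "unknown"  # not in Info.plist; the app may set the feed in code
    scheme = urlparse(str(url)).scheme.lower()
    return scheme if scheme in ("http", "https") else "other"


def audit(root):
    """List every bundle under `root` that embeds Sparkle.framework."""
    findings = []
    for fw in sorted(Path(root).rglob("Sparkle.framework")):
        if not fw.is_dir():
            continue
        # <Bundle>/Contents/Frameworks/Sparkle.framework -> <Bundle>
        bundle = fw.parents[2]
        host = read_plist(bundle / "Contents" / "Info.plist")
        sparkle = read_plist(fw / "Resources" / "Info.plist")
        feed = host.get("SUFeedURL")
        findings.append({
            "bundle": str(bundle),
            "sparkle_version": sparkle.get("CFBundleShortVersionString", "unknown"),
            "feed_url": feed,
            "transport": classify_feed(feed),
        })
    return findings


if __name__ == "__main__":
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "/Applications"):
        flag = "REVIEW" if f["transport"] != "https" else "ok"
        print(f"{flag:6} {f['transport']:8} Sparkle {f['sparkle_version']:10} {f['bundle']}")
```

Helper bundles such as the XPC service in the listing above usually carry no `SUFeedURL` of their own and show up as `unknown`; check them against the feed of the app that contains them.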
