Sparkle security vulnerability

An instant messenger which can connect to AIM, GTalk, Jabber, ICQ, and more.
waffffffle
Muffin
Posts: 37
Joined: Sat Apr 30, 2005 12:50 am

Sparkle security vulnerability

Postby waffffffle » Wed Feb 03, 2016 4:19 am

In my brief testing it appears Adium is vulnerable to this very serious security vulnerability in the Sparkle framework:
https://vulnsec.com/2016/osx-apps-vulnerabilities/

Adium uses HTTP, not HTTPS, which makes it vulnerable.

User avatar
Robby
Cocoaforge Admin
Posts: 2548
Joined: Mon May 01, 2006 3:00 am
Contact:

Re: Sparkle security vulnerability

Postby Robby » Wed Feb 03, 2016 6:57 pm

Hi there, you may not have noticed yet but we released 1.5.10.1 a few days ago to address this issue.

Thorzdad
Latté
Posts: 57
Joined: Fri May 11, 2007 4:34 pm

Re: Sparkle security vulnerability

Postby Thorzdad » Tue Feb 09, 2016 7:59 pm

Robby, I've been happily running v.1.6hgr5915 for just over a year. I'm using it because, at the time, it was the only version of Adium that would connect me to Yahoo. I'm assuming it's vulnerable, given its age. Will the new secure release work with Yahoo on an older Mac?

waffffffle
Muffin
Posts: 37
Joined: Sat Apr 30, 2005 12:50 am

Re: Sparkle security vulnerability

Postby waffffffle » Wed Feb 10, 2016 4:07 am

Thanks. Turns out that I was running an old beta that refused to report that updates were available. I downloaded the latest version manually and I see that it uses HTTPS for updates.


Return to “Adium”

Who is online

Users browsing this forum: No registered users