Please comment on recent Sparkle vulnerability

Got a problem with Viscosity or need help? Ask here!


Posts: 1
Joined: Wed Feb 03, 2016 5:34 am

Post by yargevad » Wed Feb 03, 2016 5:37 am
I'm curious whether an update is necessary to fix any security holes related to this issue. Tunnelblick needed one, so if you guys don't, that's a good differentiator.


User avatar
Posts: 2102
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Feb 03, 2016 11:58 am
Hi yargevad,

Viscosity is not affected. It uses HTTPS for all aspects of update checking and downloading.

Only applications using HTTP for update feeds are affected. Nevertheless the latest beta version includes an updated version of the Sparkle framework just to be safe.

James Bekkema
Viscosity Developer

2 posts Page 1 of 1