Please comment on recent Sparkle vulnerability

Got a problem with Viscosity or need help? Ask here!

yargevad

Posts: 1
Joined: Wed Feb 03, 2016 5:34 am

Post by yargevad » Wed Feb 03, 2016 5:37 am
I'm curious whether an update is necessary to fix any security holes related to this issue. Tunnelblick needed one, so if you guys don't, that's a good differentiator.

James

User avatar
Posts: 2102
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Feb 03, 2016 11:58 am
Hi yargevad,

Viscosity is not affected. It uses HTTPS for all aspects of update checking and downloading.

Only applications using HTTP for update feeds are affected. Nevertheless the latest beta version includes an updated version of the Sparkle framework just to be safe.

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1