Cyberduck Mountain Duck CLI

#9276 closed defect (duplicate)

security issue

Reported by: cazzie98 Owned by:
Priority: highest Milestone: 4.8
Component: core Version: 4.7.3
Severity: critical Keywords: security
Cc: Architecture:
Platform: Mac OS X 10.5

Description

I am sure you have heard by now that one of your application has a MAC os security vulnerability with the updater you use called sparkle. Will you be updating to the latest version of sparkle that will make this security go away.

http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/

Change History (1)

comment:1 Changed on Feb 16, 2016 at 10:06:10 AM by dkocher

  • Milestone set to 4.8
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate for #9255. Actually this is a non-issue here because we have always served the update feed and updates through HTTPS.

Note: See TracTickets for help on using tickets.