The example he used was none other than the indisputably best media player in the universe, VLC. Moreover, if you’re wondering what an attack like this would look like it action, you’re in luck, as Radek took the time to shoot a video of exactly that:Īnother researcher, Simone Margaritelli, expanded on to Radek’s discoveries by writing out some frighteningly easy-to-follow instructions as to how you, too, can perform an attack like this using the Metasploit exploit framework. Because of the way Sparkle allows for JavaScript execution by means of WebKit rendering, Radek says the attacks could leave users of both El Capitan and Yosemite at risk. The unencrypted path makes it easy for hackers to take exploit traffic between the user and the server in both man in the middle and remote command execution attacks. In his research, he discovered that the Sparkle update system used in a number of popular Mac applications, such as VLC media player, uTorrent, and Camtasia, fail to use the secure HTTPS protocol, instead opting for the much more vulnerable HTTP. Szefei/123RFLast week, “insane and plain weird” programmer Radek published an article on his blog that uncovered an oddly contained secret about the Mac OS X operating system.
0 kommentar(er)
