RW Update vulnerability with Sparkle


(Bart) #1

It appears that Rapidweaver is vulnerable to a bug in the update mechanism which is provided by Sparkle. See http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/
Is it correct that Rapidweaver uses this mechanism and is a fix in the making?

Bart


(Nik Fletcher) #2

This is already addressed in the 6.3.8 betas, and will roll out with the final 6.3.8 update soon.

Cheers,

—Nik


(Bart) #3

Thanks Nik for the quick answer and the quick reaction!

Cheers, Bart