A security engineer has recently discovered a serious vulnerability in Sparkle, the widely used open source software update framework for Mac applications, that could be exploited by attackers to mount a man-in-the-middle attack and ultimately take control of the computer if they are located on the same network.
If you use Apple's OS X El Capitan, iOS and QuickTime on any of your computers and devices, you might want to implement the latest updates pushed out on Tuesday.
Do you remember when, last October, Synack director of research Patrick Wardle found a simple way to evade OS X's Gatekeeper defense mechanism by bundling up a legitimate Apple-signed app with a malicious, unsigned one placed in the same directory, and wrapping it all up in an Apple disk image file? Until they come up with a permanent fix, which will require a redesign of OS X, Apple has temporarily blocked this attack avenue by creating a (short) blacklist of files that Wardle reported could be repackaged to trip up the Gatekeeper and introduce malware on Macs.
Apple has released security updates for the operating systems running on the company's iPhones, computers, Apple TV and various versions of smartwatches, as well as Xcode and Safari.
Apple announced that its Swift programming language is now open source.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.