Originally Posted By: grelber
Still no idea what Sparkle is.

Originally Posted By: artie505
Sparkle is the apparatus developers use to notify users of updates and install them.

When you see this screen, Sparkle is at work.

All that is is the sparkle-project.org's homepage.
Still not sure how that might affect or be of interest to me in terms of guarding against malware and the like.

That home page answered your initial question, and this, I think, is the answer to your new question...

Any time one of your apps pops up a Sparkle dialog box you may be vulnerable to a MItM attack if you click on "Install Update".

According to alternaut's linked doc, you may be safe if you've launched Firefox at least once in each account in which you use Sparkle, but as far as I can see, the best approach to dealing with the vulnerability (which, by the way, is the result of a flaw in OS X, not Sparkle) is to simply avoid using it unless you're 100% certain that the app asking to be updated is asking via a secure version.

Use MacUpdate or the dev's website instead.

And if an app asks to be updated to a secure version of Sparkle via a vulnerable version... tongue

Last edited by artie505; 02/13/16 08:57 AM. Reason: Add source of vulnerability
The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire