Originally Posted By: joemikeb
  • If you download and install third party applications on your Mac that have a "check for updates" feature, you are likely to have some version of Sparkle on your Mac.
  • Applications do not advertise their use of the Sparkle framework any more than they advertise the programming language(s) used to write the application, so there is no way of telling whether a given app uses Sparkle framework or not.
  • It is only older versions of Sparkle that are vulnerable to exploits. The vulnerability is not present in the more recent versions. Unfortunately you are unlikely to have any information on what version of Sparkle is used by the app.

For those who do want to know about the underlined parts of the selected points from Joemikeb’s post, regardless of their theoretically small exposure to the Sparkle vulnerability, Sqwarq Software’s DetectX utility added a Sparkle security check for all apps and Pref Panes on the system starting with v 2.13. It will list all such items that use the vulnerable (= HTTP using) versions of the Sparkle.framework. To access this Sparkle search, check the relevant box in DetectX’s preferences before you run the (‘All Searches’) Search. This may take a minute or so, and might be ‘disappointing’ (e.g., my test was negative).


PS, Regardless of search results present in the main window or communicated by popup (‘Negative’), all details are listed in DetectX’s log. This can be accessed by selecting ‘Log Drawer’ from the ‘View’ menu, or by clicking the white-on-blue ‘i’ button in the lower left of the results window. The Sparkle results are found toward the end of the log.

Last edited by alternaut; 02/15/16 05:17 PM. Reason: added detail

alternaut moderator
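
For readers who want to see what such an inventory looks like, here is an added example (not DetectX's code and not part of the posts above) that walks a folder of bundles, finds embedded copies of Sparkle.framework, and reports each framework's version plus whether the bundle declares a plain-HTTP update feed. It assumes the usual bundle layout (`Contents/Frameworks/Sparkle.framework`) and that the feed is declared under the `SUFeedURL` key of the bundle's Info.plist.

```python
import plistlib
from pathlib import Path
from urllib.parse import urlparse

def read_plist(path):
    """Return the parsed plist (XML or binary), or {} if missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except Exception:  # missing file, permissions, malformed plist
        return {}

def sparkle_version(framework):
    """Version string from the framework's own Info.plist, if one is found."""
    for rel in ("Resources/Info.plist", "Versions/A/Resources/Info.plist",
                "Versions/Current/Resources/Info.plist"):
        info = read_plist(framework / rel)
        if info:
            return info.get("CFBundleShortVersionString") or info.get("CFBundleVersion")
    return None

def scan(root):
    """Yield one record per bundle under root that embeds Sparkle.framework."""
    for framework in Path(root).rglob("Sparkle.framework"):
        # Assumed layout: <bundle>/Contents/Frameworks/Sparkle.framework
        if framework.parent.name != "Frameworks":
            continue
        contents = framework.parent.parent
        feed = read_plist(contents / "Info.plist").get("SUFeedURL")
        scheme = urlparse(feed).scheme.lower() if isinstance(feed, str) else None
        yield {
            "bundle": contents.parent.name,
            "sparkle_version": sparkle_version(framework),
            "feed_url": feed,
            "cleartext_feed": scheme == "http",  # update feed fetched over HTTP
        }

if __name__ == "__main__":
    roots = ("/Applications", "/Library/PreferencePanes",
             Path.home() / "Library/PreferencePanes")
    for root in roots:
        if not Path(root).is_dir():
            continue
        for hit in scan(root):
            flag = "HTTP FEED" if hit["cleartext_feed"] else "ok/unknown"
            print(f'{flag:10} {hit["bundle"]}  Sparkle {hit["sparkle_version"]}  {hit["feed_url"]}')
```

A bundle with no `SUFeedURL` in its Info.plist is reported as "ok/unknown" because an app can also set its feed address at run time, which a static scan like this cannot see.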