If you have version 1.4.6 (the current shipping version since May 2015) or greater, then your Cartographica is not susceptible to this problem. If you are running 1.4.5 or lower, please read this message.
The updater that we use in Cartographica (Sparkle) has been found to have a specific set of vulnerabilities that can allow remote code execution.
Unbeknownst to us, we mitigated this problem last spring when we moved to using SSL/TLS for our updater feed. As such, if you've kept your copy of Cartographica up to date, you're in good shape.
The next release of Cartographica will include a further update to the underlying software updater that takes more steps to guard against a similar vulnerability occurring in the future.
If you are running a version lower than 1.4.6, we encourage you to update by downloading directly from the Cartographica Download Page. Once you've done that, the updater should be sufficiently secure.
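To audit an installed copy against the two conditions above (version 1.4.6 or greater, update feed served over SSL/TLS), the following added example, which is not Cartographica's or Sparkle's own code, reads an app's Info.plist. It assumes the version is stored in `CFBundleShortVersionString` and the feed is configured through Sparkle's `SUFeedURL` key; the sample plists and the `updates.example.com` URL are constructed.

```python
import plistlib
from urllib.parse import urlparse

FIXED_VERSION = (1, 4, 6)  # first release the advisory lists as not susceptible

# Constructed sample Info.plist contents (not taken from a real bundle).
SAMPLE_OLD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleShortVersionString</key><string>1.4.5</string>
<key>SUFeedURL</key><string>http://updates.example.com/appcast.xml</string>
</dict></plist>"""
SAMPLE_NEW = SAMPLE_OLD.replace(b"1.4.5", b"1.4.6").replace(b"http://", b"https://")


def parse_version(text):
    """Turn '1.4.6' into (1, 4, 6); non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(plist_bytes):
    """Return a list of findings; an empty list means both checks passed."""
    info = plistlib.loads(plist_bytes)
    findings = []
    version = info.get("CFBundleShortVersionString", "0")
    if parse_version(version) < FIXED_VERSION:
        findings.append(f"version {version} is lower than 1.4.6")
    feed = info.get("SUFeedURL")
    if feed is None:
        findings.append("no SUFeedURL in Info.plist; feed transport unknown")
    elif urlparse(feed).scheme.lower() != "https":
        findings.append(f"update feed is not fetched over TLS: {feed}")
    return findings


if __name__ == "__main__":
    import sys
    # With a path argument, audit that Info.plist; otherwise use the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(audit(fh.read()) or "ok")
    else:
        print(audit(SAMPLE_OLD))
        print(audit(SAMPLE_NEW))
```

Pass the path to an app bundle's `Contents/Info.plist` as the only argument to audit a real installation.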