#Security Articles


Security issues in Updater for Pre-1.4.6 Cartographica Versions

If you have version 1.4.6 (the current shipping version since May 2015) or later, your copy of Cartographica is not susceptible to this problem. If you are running 1.4.5 or earlier, please read this message. The updater that we use in Cartographica (Sparkle) has been found to have a specific set of vulnerabilities that can allow remote code execution. These problems can be exploited via a MITM (Man-in-the-Middle) attack, resulting in arbitrary code execution in the JavaScript portion of the display that Cartographica shows during updates. Unbeknownst to us, we mitigated this problem last spring when we …