by pquerna
3797 days ago
Right, the ability for an attacker to change an XML file like this could be considered two separate issues. Things like this are why The Update Framework (TUF) Specification was created: https://theupdateframework.github.io/ The specification covers exactly this kind of attack and has signing of all of the data about an update: https://github.com/theupdateframework/tuf/blob/develop/docs/... But, as far as I know, there isn't an implementation of TUF that works with Objective-C and all the other parts of Sparkle, to actually update an OS X application.