[mikeash]

A VPN will help, but it only encrypts your connections to the point where your VPN is terminated, then it's off to the wider internet with no encryption. Same, but worse, for your home network. MITM can be done in other ways than hijacking connections on the LAN.

Note that the problem isn't just with the updater, but with the update checker. That means that merely running these apps makes you vulnerable, if you've configured them to automatically check for updates (usually the default). You don't have to actually update, just have an automatic check performed.

To be safe from this, you'll want to disable automatic update checks in the settings for each app. Of course, running the app to do this is dangerous, but the odds of being targeted in this small window are low, especially if you avoid easy targets like public WiFi while doing it. If you want to be extremely paranoid, you can disconnect from the internet first. Once the app makers publish updates, you can update out of band by downloading the new version directly from their web site (over https, hopefully) and then you can safely re-enable automatic update checking.