Hacker News new | ask | show | jobs
by 5vforest 3777 days ago
Augmented it with a bit of Ruby in order to find the "SUFeedURL", which if using the `http` protocol, means that an application is vulnerable.

https://gist.github.com/ajb/876107d0edc0f2c11779
1 comments
mh- 3777 days ago
FYI, it can be stored in theoretically any key. But it's probably worth looking for SUFeedURL* at least.

  % plutil -p /Applications/iTerm.app/Contents/Info.plist| grep SUFeedURL
  "SUFeedURLForFinal" => "https://iterm2.com/appcasts/final.xml"
  "SUFeedURLForTesting" => "https://iterm2.com/appcasts/testing3.xml"
link
5vforest 3777 days ago
Good info! I really have no clue what I'm doing. Just trying to help coworkers figure out if they need to uninstall any apps, really :)
link