|
|
|
|
|
|
by maronato
136 days ago
|
|
|
Because other OSs do not and the notepad++ team wants all users to have a similar experience. If you don’t need auto updates, just disable them. More importantly, notepad++ being able to update itself is not the exploit here. Your OS’ package manager would download the same compromised binary as notepad++’s built in updater. |
|
|
On windows, the package manager downloads the release of notepad++ directly from github, so it would not have been compromised. The hijack was done on the notepad++ website at the webhost level as I understand it, and the built in updater pulled from there.