moyitpro
commented
8 years ago I will update the framework, but just to note that all the links on the domain chikorita157.com now redirects to HTTPs permanently. I will be updating that link to use https in the next update.
The Sparkle framework version used is vulnerable to a Man-in-the-Middle attack, when the appcast or release notes are sent over an unsecured (HTTP) channel.
This app uses Sparkle version 1.8.0 and
http://chikorita157.com/tools/malupdatersparkle/profileInfo.phpas the update link, so it is vulnerable.I would suggest using a more recent Sparkle version.
More info on Sparkle website