Closed: bored-engineer closed 3 years ago
Try building a module for it!
I'll take a look in a day or two and see what I can do.
Hi Luke, do you have any news? Do you need help? Best
I haven't had a chance to take a look yet, but I will eventually. Feel free to give it a try if you want, I'd be happy to take a look at and finish any code you started.
This is currently being reviewed.
Sublime uses a signed manifest and a pak file with a compression I haven't been able to extract yet. But this scenario may be similar to another one I have in mind.
I have already tried to build a module for Sublime Text. It only requests the update URLs over HTTP; the program then decides whether it can update securely, so no arbitrary payload can be served.
SublimeText may be exploitable. Updates are checked over HTTP: http://www.sublimetext.com/updates/3/stable/updatecheck?version=3059&platform=osx&arch=x64&r=1&m=Vek2