Closed kornelski closed 2 years ago
Hey guys, apparently a better way to check is by running this
for i in /Applications/*/Contents/Info.plist; do defaults read "$i" SUFeedURL 2>/dev/null; done
Majority of apps I have use https to do Sparkle updates
Look for the apps using http and not https
So far I only have 2
icons8
utorrent
This is a list for apps that use Sparkle, no...? "Sparkle website lists some Mac apps that use the framework, but this list has been compiled a while ago. Let's update it! Please add yours." Rather than a list of affected apps...?
@jbarnaby Oh man you're so right, I just followed the Arstechnica link.
Ouch... there's A LOT. Even when I used the method that @buildabar suggested (http only)
Bittorrent HockeyApp Dropzone3 Fake Flexiglass Fluid FramerJS Miro Video Converter MongoHub Screenflow SourceTree Sublime Text 3 Throng UnrarX VLC Vagrant Manager
BitTorrent CopyClip DropShare DropZone 3 Fake FlexiGlass Fluid Framer Studio Goofy Sequel Pro Miro Video Converter MongoHub Paparazzi! Poedit ScreenFlow Sequel Pro Sketch SourceTree TeamViewer Throng Transmit Trello Tunnelblick UnRarX XQuartz Vagrant Manager VLC Zeplin
HTTP only BitTorrent Sync Book Collector (Collectorz.com) Duet (Duet Display) Movie Collector (Collectorz.com) Sublime Text 2 TripMode uTorrent
DaisyDisk (though this one's on the App Store) MyHarmony SequelPro Unarchiver VLC uTorrent
Here's a tweak on @buildabar's command that directly lists the names of the apps that don't use https on their SUFeedURLs:
for a in $(ls /Applications); do defaults read "/Applications/$a/Contents/Info.plist" SUFeedURL 2>/dev/null | grep -v https >/dev/null && echo $a; done
Just VLC for me
Please note that discussing which apps are using http or https is off-topic to this thread.
hey @fcw doesn't quite work. When I run without I have more http apps
Accordance 11 Alarm Clock Pro 2 Alarm Clock Pro AppCleaner Art Text 2 Audio Hijack Pro BoinxTV ClamXav Comic Life 2 Comic Life 3 Comic Life Magiq Comic Life Contour Corel Painter Sketch Pad CoverScout 3 DesktopShelves DiskMaker X 4b4 DiskMaker X 5 Downie (978) Downie Drive Genius 3 Ember Focus 2 Focus Font Finagler ForkLift FotoMagico 3.6 FotoMagico 3.8.8 FotoMagico Get Backup 2. GraphicConverter 7 GraphicConverter 8 GraphicConverter 9 HandBrake iExplorer iPhone Explorer iSale 5 iShowU HD Lumio MacJournal MindNode Pro Nicecast NoteBook Pacifist PDFpen Phone To Mac PhotoPresenter Picturesque Scapple ScreenFlow Scrivener SMART Utility 2.1.2 Snapheal PRO Snapheal SongGenie 2 SongGenie StoryMill Swift Publisher 3 Toast Titanium Tonality Pro XQuartz VLC Winclone
AirServer Ambify Audio Hijack BitTorrent Blue Jeans Scheduler for Mac Cisco Jabber Coda 2 Conductr Server DEVONthink Fluid Fluid Geekbench 3 HandBrake HipChat iTerm-2 Lookback Myo Connect NetSpot Opacity OpenEmu OSCulator ƒ PhoneExpander ScreenFlow Sequel Pro Silverback Sketch SoundSoap SourceTree SousChef Spark Splice TechTool Pro 8 Toast 14 Titanium Transmit VLC WhatSize WireTap Studio
gfxCardStatus Go2Shell GPG Keychain HandBrake NetSpot Reflector Sequel Pro SnelNL XQuartz VLC WiTopia
BetterTouchTool Focus 2 Jungle Disk Mactracker MiniPlayer QuickSync VideoPier Wine
DaisyDisk DreamShot Gridmount Jungledisk Slack
Astropad GlyphDesigner iAlertU - I maintain this one myself, so I'll see what I can do about updating it.
MacDropAny EVE (hotkeyEVE) GasMask Max (sbooth)
/applications/Adium.app/Contents/Frameworks/Sparkle.framework
/applications/cDock.app/Contents/Resources/updates/wUpdater.app/Contents/Resource/cocoaDialog.app/Contents/Frameworks/Sparkle.framework
/applications/ExpressVPN.app/Contents/Frameworks/Sparkle.framework
/applications/GPG Keychain.app/Contents/Frameworks/Sparkle.framework
/applications/TeamViewer.app/Contents/Frameworks/Sparkle.framework
/applications/uTorrent.app/Contents/Frameworks/Sparkle.framework
/applications/Vienna.app/Contents/Frameworks/Sparkle.framework
/applications/VLC.app/Contents/Frameworks/Sparkle.framework
Where's @haikusw's command? This is all, not HTTP only:
/Applications/AppZapper.app/Contents/Frameworks/Sparkle.framework
/Applications/DaisyDisk.app/Contents/Frameworks/Sparkle.framework
/Applications/Debookee.app/Contents/Frameworks/Sparkle.framework
/Applications/ExpressVPN.app/Contents/Frameworks/Sparkle.framework
/Applications/OpenEmu.app/Contents/Frameworks/Sparkle.framework
/Applications/Reveal.app/Contents/Frameworks/Sparkle.framework
/Applications/Transmission.app/Contents/Frameworks/Sparkle.framework
/Applications/Utilities/XQuartz.app/Contents/Frameworks/Sparkle.framework
/Applications/VLC.app/Contents/Frameworks/Sparkle.framework
/Applications/xACT.app/Contents/Frameworks/Sparkle.framework
Chocolat DiskMaker X 5 Fabric Geekbench 3 ImageOptim Loopback MacDown MacID Magic Spell OpenEmu Piezo QuickRadar Screenhero Sequel Pro Sketch Tower Utilities XLD xScope
Airfoil Speakers (https://www.rogueamoeba.com/airfoil/)
All2MP3 (http://www.macupdate.com/app/mac/27103/all2mp3)
Comic Book Lover (https://www.bitcartel.com/comicbooklover/macosx.html)
Couleurs (https://couleursapp.com)
SQLEditor (https://www.malcolmhardie.com/sqleditor/)
Subtitles (http://subtitlesapp.com/fr/)
Air Display Host Airfoil Borderlands Bowtie CDpedia Default Folder X Hobo Itsycal M3Unify PlistEdit Pro PowerTunes RipIt Senuti Simple Comic Tagalicious Triumph TwistedWave Vitamin-R X-LosslessDecoder Yate
Scrivener
Since the prior command only works for apps not in a subfolder of Applications, here are 2 that work for apps in a subfolder:
find /Applications -name Sparkle.framework | sed 's,/Applications/\(.*\)\.app/.*,\1,'
find /Applications -name Sparkle.framework | awk -F'/' '{print $(NF-3)}'
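The one-liners posted in this thread match "https" as a substring, split app names on spaces, or only look at the top level of /Applications. As an added example (not from any commenter or from the Sparkle project), this Python script reads each bundle's Info.plist directly and reports the scheme of its SUFeedURL; the function names, status labels and sample bundles are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

def audit_sparkle_feeds(root="/Applications"):
    """Return sorted (bundle path relative to root, status, feed URL) tuples."""
    root, found = Path(root), []
    for info in root.rglob("Info.plist"):      # any depth; spaces in names are fine
        if info.parent.name != "Contents":
            continue                           # a framework's or resource's own plist
        bundle = info.parent.parent
        try:
            plist = plistlib.loads(info.read_bytes())  # XML or binary plist
        except Exception:
            continue                           # unreadable or malformed plist
        feed = plist.get("SUFeedURL") if isinstance(plist, dict) else None
        embeds = (bundle / "Contents/Frameworks/Sparkle.framework").is_dir()
        if not feed and not embeds:
            continue                           # no sign of Sparkle in this bundle
        scheme = urlsplit(feed).scheme.lower() if isinstance(feed, str) else ""
        if scheme in ("http", "https"):
            status = scheme                    # exact scheme, not a substring match
        elif feed:
            status = "other"
        else:
            status = "no-feed-in-plist"        # framework present, no SUFeedURL key
        found.append((str(bundle.relative_to(root)), status, feed or ""))
    return sorted(found)

def make_sample_tree(root):
    """Constructed bundles (hypothetical names and URLs) for an offline run."""
    samples = {
        "Example One.app": ({"SUFeedURL": "http://updates.example.com/appcast.xml"}, False),
        "Utilities/Example Two.app": ({"SUFeedURL": "https://example.org/feed.xml"}, True),
        "Example Three.app": ({}, True),       # embeds Sparkle, no feed key
        "Example Four.app": ({}, False),       # does not use Sparkle
    }
    for rel, (plist, embed) in samples.items():
        contents = Path(root) / rel / "Contents"
        contents.mkdir(parents=True)
        (contents / "Info.plist").write_bytes(plistlib.dumps(plist, fmt=plistlib.FMT_BINARY))
        if embed:
            (contents / "Frameworks/Sparkle.framework").mkdir(parents=True)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for row in audit_sparkle_feeds(tmp):
            print(*row, sep="\t")
```

A bundle reported as no-feed-in-plist embeds Sparkle.framework without an SUFeedURL key, so its Info.plist alone does not show which feed it uses.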
Here's mine:
Audio Editor coconutBattery Commander One Cyberduck Isolator DEVONthink Pro Digital Sentry Fantastical Flux Frizzix iBackup Viewer JBidwatcher JollysFastVNC Keka nvALT QuickSync Spectacle TaskPaper TeamViewer Tedium Transmit Tunnelblick TypeIt4Me Baseline Cocktail fseventer Lingon X 2.3.2 AppCleaner backupList+ BatChmod Carbon Copy Cloner 3.4.7 iDMG DaisyDisk dupeGuru Utilities/Gas Mask VLC
ClamXav ClamXav MyHarmony StuffIt Expander TeamViewer TurboTax Premier 2015 Utilities uTorrent VLC
HWMonitor - http://www.bresink.com/osx/HardwareMonitor.html
NameChanger - https://mrrsoftware.com/namechanger/
Smaller - http://25.io/smaller/
Snapz Pro X - http://www.ambrosiasw.com/utilities/snapzprox/
The Hit List - http://www.karelia.com/products/the-hit-list/mac.html
One I didn't find in those previously posted:
The ones I didn't find in previous posts:
CopyPaste Pro GrandTotal Instashare Logiblock IDE QuickRes SubEthaEdit Subler
AudialHub Awaken CSSEdit PhotoSync Pixelmator VectorDesigner VisualHub WriteRoom iToner
I have to add the following apps (didn't find in previous posts):
Aurora HDR Pro DetectX Disc Cover 3 RE DiskCatalogMaker dreamboxEDIT DriveDx Espionage Exhibeo Focus CK (Creative Kit 2016 MacPhun) Freeway Express Freeway Pro FX Photo Studio CK (Creative Kit 2016 MacPhun) Hazel.prefPane Intensify CK (Creative Kit 2016 MacPhun) IPNetMonitorX JavaAppletPlugin.plugin LaunchControl Lytro Desktop Mac2Tivo (Part of Toast Titanium 11) MailActOn.mailbundle MailTags.mailbundle Mail Perspectives.mailbundle Markly moneyGuru Noiseless CK (Creative Kit 2016 MacPhun) Recovery Partition Creator 3.8 Sidekick Snapheal CK (Creative Kit 2016 MacPhun) Tembo TiVo Transfer (Part of Toast Titanium 11) TmpDisk Tonality CK (Creative Kit 2016 MacPhun) Translate!It UninstallPKG VOX VPN Tracker 9 Wondershare PDF Editor Yosemite Tester
ChitChat https://github.com/stonesam92/ChitChat
Hudl Mercury http://public.hudl.com/support/getting-video-online/mercury-for-mac/getting-started-with-mercury-for-mac/
Imposition Wizard https://pressnostress.com/iw/
Merlin Project http://projectwizards.net/en/products/merlin-project/what-is
Toast 12 Titanium http://www.roxio.com/enu/products/toast/titanium/
/Applications/CleanMyMac 2.app/Contents/Frameworks/Sparkle.framework
/Applications/DaisyDisk.app/Contents/Frameworks/Sparkle.framework
/Applications/Debookee.app/Contents/Frameworks/Sparkle.framework
/Applications/Game Capture HD.app/Contents/Frameworks/Sparkle.framework
/Applications/Gyazo.app/Contents/Frameworks/Sparkle.framework
/Applications/iFunBox.app/Contents/Frameworks/Sparkle.framework
/Applications/OBS.app/Contents/Frameworks/Sparkle.framework
/Applications/Reflector 2.app/Contents/Frameworks/Sparkle.framework
/Applications/TeamViewer.app/Contents/Frameworks/Sparkle.framework
/Applications/Utilities/XQuartz.app/Contents/Frameworks/Sparkle.framework
/Applications/uTorrent.app/Contents/Frameworks/Sparkle.framework
/Applications/VLC.app/Contents/Frameworks/Sparkle.framework
Airy.app Antidote 9.app Bartender 2.app CommandQ.app Facebook Messenger.app Fluid.app Fluid.app/Contents/Resources/FluidApp.app Google Hangout.app HipChat.app ImageOptim.app Impression.app inSSIDer.app LightPaper.app Loopback.app Piezo.app Sequel Pro.app Sketch.app SourceTree.app TinyGrab.app Wine.app WineBottler.app
@LasseRafn : HockeyApp for Mac only uses Sparkle with HTTPS, not sure why you added it to your list.
Some more apps:
Wrote a more precise command that outputs the app and the Sparkle BundleVersion from the plist.
find /Applications -name Sparkle.framework | sed 's,/Applications/\(.*\)\.app/Resources/Info.*,\1,' | while IFS= read -r fname; do
  # Strip the framework suffix and the /Applications/ prefix to get the app name
  appname=$(echo "$fname" | sed -e 's/\/Contents\/Frameworks\/Sparkle\.framework//g' | sed -e 's/\/Applications\///g')
  # Version string from the Info.plist inside Sparkle.framework itself
  version="$(defaults read "$fname/Resources/Info" CFBundleShortVersionString)"
  echo "$appname => $version"
done
More details here: https://hipsterpixel.co/2016/02/10/are-you-affected-by-the-sparkle-vulnerability-here-s-how-to-find-out/
Very surprised many use a 2008-2009 version of Sparkle...
I'd just like to remind everyone that this thread is for listing all applications using Sparkle. It is NOT for listing only applications affected by the recent security vulnerability.
My list:
Adapter Airy Aurora HDR Pro Coda 2 ColorStrokes Convrt Cyberduck DiskMaker X Elmedia Player Folx Gas Mask GIF for Mac GOG Downloader GPG Keychain HandBrake Hear ImageAlpha ImageOptim IP Broadcaster iStumbler Kaleidoscope LiteIcon MacOptimizer MacPilot Malwarebytes Anti-Malware Malwarebytes Anti-Malware Monolingual Montage MPlayerX NetSpeedy Noiseless Pro Reflect Studio Scrivener SecureMailtoGenerator Smaller Snapheal Pro Sound Forge Pro Sound Siphon Spectacle Transmission VLC Wondershare Video Converter Ultimate Wondershare Video Editor
Electric Sheep Outline
Coda 2 Evernote iTerm Jumpcut MAMP MongoHub Sequel Pro TeamViewer Tower Transmit
@vallieres Thank you for your extended terminal commands... In my case, NONE of my installed apps use any version newer than 1.12, despite that some of them just have been updated today or within the last 24h... The versions go even back down to 1.5 beta or even 1.1 "No Version in Information Window" (Freeway Pro). How can I as a user find out if this is dangerous for the use of the apps onward?
@thotha you would need to set up a proxy and monitor outgoing connections and see if any of those seem to go to your app's servers, but then again that is not a simple task. Your best bet is to contact them.
Apart from being information, why are you Sparkle guys gathering all the apps using your framework?
Using locate(1) (once its database is built) to find Sparkle.framework in more places than just /Applications:
in /Applications (or apps in a user directory):
Adium Air Display Host Alarm Clock Pro Audirvana Plus Bartender Bartender 2 BetterTouchTool BibDesk BitTorrent Bricksmith Camtasia 2 Chicken ControlPlane Cyberduck DesignPro DrawBerry Elmedia Player Eloquent Evernote Flux Fraise GPG Keychain Geekbench 3 HandBrake Image2Icon Inklet Isolator Jumpcut Karabiner LaTeXiT MDRP MPlayer OSX Extended OpenEmu Paintbrush Platypus RealPlayer Cloud Reflector 2 Remote Activity SafariCacheExplorer Senuti Simple Comic Snagit StuffIt Expander TeX Live Utility TeXShop Trampoline TunesKit for Mac UnRarX Unison VLC Vox Wallsaver WebKit Wine WineBottler Wondershare AllMyTube XLD XQuartz Zoom dff2dsf iChm iSkysoft iTube Studio jfControlServer smcFanControl
Miscellaneous bits elsewhere: /Library/Application Support/GPGTools/GPGMail_Updater.app /Library/Internet Plug-Ins/JavaAppletPlugin.plugin /Library/PreferencePanes/GPGPreferences.prefPane /Library/PreferencePanes/HyperDock.prefpane /Library/PreferencePanes/VOX Preferences.prefPane /Library/Services/GPGServices.service
a version of an app installed by MacPorts: /opt/local/MacGPG2/libexec/MacGPG2_Updater.app
An app produced by WineBottler: /Users/rlhamil/Desktop/abcAVI.app/Contents/Resources/Wine.bundle
And some leftovers from an OS update: /Library/SystemMigration/History/Migration-AF8CBD75-2455-4B1C-A87C-296C69E2FABE/QuarantineRoot/usr/local.hold/MacGPG2/libexec/MacGPG2_Updater.app
ApiKitchen Clip Manager 4 Clip Manager 5 Cyberduck DaisyDisk ImageOptim myFMbutler Clip Manager 3 PlistEdit Pro Reflector StuffIt TeamViewer
iFunbox find /Applications -name Sparkle.framework | awk -F'/' '{print $3}' | awk -F'.' '{print $1}'
Why is daisydisk appearing when it's downloaded from the App Store??
for a in $(ls /Applications); do defaults read "/Applications/$a/Contents/Info.plist" SUFeedURL 2>/dev/null | grep -v https >/dev/null && echo $a; done
for i in /Applications/*/Contents/Info.plist; do defaults read "$i" SUFeedURL 2>/dev/null; done
On Feb 10, 2016, at 19:41, Kosmic-Halo notifications@github.com wrote:
Why is daisydisk appearing when it's downloaded from the App Store??
Some apps come in both App Store and non App Store versions; this appears to be one of them. If purchased outside the App Store, that version needs an independent update mechanism, which is frequently Sparkle.
Edit: this issue has nothing to do with security. Applications are listed here just because they use Sparkle and we think they're cool.
Sparkle website lists some Mac apps that use the framework, but this list has been compiled a while ago.
Edit: thanks for your suggestions! We've got a long list!
Here's my list: