Yet another reason to never let applications auto-update...

Talk about internet security, computer security, personal security, your social security number...
Post Reply
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Yet another reason to never let applications auto-update...

Post by barbaz »

*Always* check the changelogs BEFORE updating that important software!
-
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Yet another reason to never let applications auto-update

Post by Thrawn »

The auto-update library depends on WebKit?! Why?!
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Yet another reason to never let applications auto-update

Post by therube »

The auto-update library depends on WebKit?! Why?!
Have you ever run, what should be stand-alone applications, that do embed the IE rendering engine within, thereby making that application susceptible to IE exploits.

Image

Mozilla [had] run into similar a long time back, Bug 435743 - Extension manager should load updates served from https signed by any installed CA.

And Malwarebytes has something going on currently, Malwarebytes Anti-Malware Vulnerability Disclosure.

And Mozilla may currently have an issue with "fonts", Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:42.0) Gecko/20100101 SeaMonkey/2.39
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Yet another reason to never let applications auto-update

Post by barbaz »

therube wrote:Have you ever run, what should be stand-alone applications, that do embed the IE rendering engine within, thereby making that application susceptible to IE exploits.

Image
... :!:
therube wrote:And Mozilla may currently have an issue with "fonts", Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities.
According to that link, Mozilla doesn't anymore, but latest stable release SeaMonkey does...
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Yet another reason to never let applications auto-update

Post by Thrawn »

therube wrote:Have you ever run, what should be stand-alone applications, that do embed the IE rendering engine within, thereby making that application susceptible to IE exploits.
Yes, it's called Windows Explorer, but I would have thought that Apple would have known better than that.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: Yet another reason to never let applications auto-update

Post by barbaz »

Sparkle isn't made by Apple.
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Yet another reason to never let applications auto-update

Post by Thrawn »

Oh, true, I missed that.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
Post Reply