In my previous article on the excellent malware utility DetectX I covered generally how it works. But, the DetectX people have updated the app to include Sparkle detection. What is Sparkle you say? Read on my friend.
Perhaps you have been reading about this Sparkle vulnerability on the Internet of late. So, what is Sparkle then? Sparkle is a open source framework that application developers use in their apps. It allows applications to do self-updating within the app automatically. It appears that tons of developers use this programming framework. Apparently this Sparkle had a problem which allowed bad guys to send malicious updates to your Mac. The Sparkle folks have fixed this vulnerability, now it is up to app developers to implement the updated Sparkle version in their apps. How do you detect the vulnerable version on your Mac? There is some code you can put in the Terminal app and run it, but for us mere mortals there is an easier way.
Sparkle & DetectX
I have covered DetectX in a previous article. I just wanted to add that DetectX has built a Sparkle detector into their app. Here is how it works. First, you have to go to into the DetectX menu and enter the Preferences area to activate it:
Just check that little box, click “Done” and you are back in the program. Now all you have to do is click on the “Search” button and DetectX does it’s thing:
Once the search is over click on the small Information button bottom left corner of the window and you are taken to the “History View” where you get this log:
You have to scroll down to get the Sparkle activity. My scan revealed a couple of items that I went in and deleted, YMMV.
This is a very nice feature addition to DetectX. I recommend using it, but I am not sure that it is a cure all. I am very glad it is there, but the Sparkle vulnerability is a rather complex problem which may not be so simple to rectify. For now though, I do recommend turning on and using the DetectX Sparkle feature. It cannot hurt anything, that is for sure.
The Sparkle detection feature is just another reason to download and use DetectX on your Mac. It is free for home use, a very nice app indeed.