Sparkle Updater Security | Comic Strip Factory | David Durkee

Sparkle Updater Security

It has just come to our attention that a security vulnerability has been found in Sparkle, a popular framework that many Mac applications use for software updates. Our users may be concerned about whether this affects Comic Strip Factory. We’ve looked into it, and according to the best information currently available, Comic Strip Factory users are safe from this vulnerability.

According to the article in Ars Technica, two things need to be true for an application to be vulnerable. One is that it uses a version of the Sparkle framework earlier than 1.13.1, and the other is that it uses unencrypted HTTP connections to download data. Comic Strip Factory does use a version of Sparkle earlier than 1.13.1 (which just came out a few days ago), but it also uses secure encrypted HTTPS connections for all data downloads in the software update process.
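The two conditions above can be checked for any Sparkle-based app. The following is an added example, not code from Comic Strip Factory or the Sparkle project: it reads the framework version and the `SUFeedURL` key from the bundle's property lists and, going slightly beyond the text, also checks the download and release-notes URLs inside the appcast, since every download in the update process has to be encrypted. The plist contents, appcast, and `example.com` hostnames are constructed sample data.

```python
import plistlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

FIXED = (1, 13, 1)  # versions earlier than this are affected, per the text above
SPARKLE_NS = "{http://www.andymatuschak.org/xml-namespaces/sparkle}"

def version_tuple(text):
    """Turn '1.13.1' or '1.5b6' into a comparable tuple of leading integers."""
    nums = []
    for part in text.split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
    return tuple(nums + [0] * (3 - len(nums)))

def cleartext_urls(app_info_plist, appcast_xml):
    """Return every update-related URL that would be fetched over plain HTTP."""
    urls = [plistlib.loads(app_info_plist).get("SUFeedURL", "")]
    root = ET.fromstring(appcast_xml)
    urls += [e.get("url", "") for e in root.iter("enclosure")]
    urls += [(e.text or "").strip() for e in root.iter(SPARKLE_NS + "releaseNotesLink")]
    return [u for u in urls if urlparse(u).scheme.lower() == "http"]

def exposed(framework_info_plist, app_info_plist, appcast_xml):
    """True only when both conditions hold: old Sparkle AND a cleartext download."""
    version = plistlib.loads(framework_info_plist)["CFBundleShortVersionString"]
    old = version_tuple(version) < FIXED
    return old and bool(cleartext_urls(app_info_plist, appcast_xml))

# Constructed sample data. In a real bundle these would be the Info.plist files
# of Sparkle.framework and of the app itself (paths assumed, not from the page).
OLD_FRAMEWORK = plistlib.dumps({"CFBundleShortVersionString": "1.5b6"})
NEW_FRAMEWORK = plistlib.dumps({"CFBundleShortVersionString": "1.13.1"})
APP_HTTPS = plistlib.dumps({"SUFeedURL": "https://updates.example.com/appcast.xml"})
APP_HTTP = plistlib.dumps({"SUFeedURL": "http://updates.example.com/appcast.xml"})
APPCAST = """<rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
<channel><item>
<sparkle:releaseNotesLink>https://updates.example.com/notes.html</sparkle:releaseNotesLink>
<enclosure url="https://updates.example.com/App-2.0.zip" type="application/octet-stream"/>
</item></channel></rss>"""

if __name__ == "__main__":
    print("old Sparkle + HTTPS feed:", exposed(OLD_FRAMEWORK, APP_HTTPS, APPCAST))
    print("old Sparkle + HTTP feed: ", exposed(OLD_FRAMEWORK, APP_HTTP, APPCAST))
```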

Please note that if you bought Comic Strip Factory from the Mac App Store, you have a version that doesn’t use Sparkle at all. Only the version that is purchased from our own web store uses this update framework.

We’ll be keeping an eye on this story to make sure we can keep our customers safe, and in the next revision of the program we will update to the latest version of Sparkle for added assurance.

© DWDurkee, LLC, 2016