A vulnerability in the Sparkle tool used to deliver app updates can open OS X apps up like cans of beans and allow potential hackers to load up Macs with malware, according to coders and their troublesome proofs of concept.
One such proof demonstrates a form of remote code execution triggered by interrupting a Sparkle update session, exploiting the fact that some apps use an unencrypted HTTP channel to download their updated versions.
Both the El Capitan and Yosemite versions of OS X may be exploited in this fashion, says the clever man behind the proof of concept, who explains his methods: "After we control unencrypted traffic from the Bob machine by setting up one of the attacks inside your LAN, like fake Wi-Fi Access Point or sniffing/spoofing, this part is ready. Now we can spoof DNS probes for the AppCast server and send our malformed response."
So it's a bit more complex than guessing someone's password or leaving comments on Facebook when a person leaves their phone unattended, but still. It highlights the fact that even Apple's immense security chains are only as strong as the cheap links inserted by third parties. [Vulnsec via Ars]
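For anyone wanting to check which apps on a Mac pull their Sparkle appcast over plain HTTP, here is an added example (not from the original article or the Sparkle project) that reads each bundle's `Info.plist` for Sparkle's `SUFeedURL` key. The bundle names and example.com URLs are constructed for the demo; on a real machine you would point `audit_tree` at `/Applications`.

```python
import plistlib
import tempfile
from pathlib import Path
from urllib.parse import urlparse
from xml.parsers.expat import ExpatError

def audit_app(app):
    """Classify one .app bundle by how its Sparkle appcast feed is fetched."""
    has_sparkle = (app / "Contents/Frameworks/Sparkle.framework").is_dir()
    try:
        with (app / "Contents/Info.plist").open("rb") as fh:
            feed = plistlib.load(fh).get("SUFeedURL")
    except (OSError, ValueError, AttributeError, ExpatError):
        feed = None  # missing, unreadable or malformed plist
    if isinstance(feed, str):
        scheme = urlparse(feed.strip()).scheme.lower()
        return (app.name, "https" if scheme == "https" else "INSECURE", feed)
    if has_sparkle:
        # Sparkle is bundled but the feed is not in the plist (it may be
        # set in code at runtime), so this one needs a manual look.
        return (app.name, "UNKNOWN", None)
    return None  # not a Sparkle-updated app

def audit_tree(root):
    """Audit every .app under root; returns findings sorted by path."""
    found = (audit_app(p) for p in sorted(Path(root).rglob("*.app")))
    return [f for f in found if f]

def make_bundle(root, name, feed=None, sparkle=True):
    """Build a constructed (fake) bundle for the demo; not a real app."""
    contents = Path(root) / name / "Contents"
    target = contents / "Frameworks/Sparkle.framework" if sparkle else contents
    target.mkdir(parents=True)
    info = {"CFBundleName": name}
    if feed:
        info["SUFeedURL"] = feed
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump(info, fh)

def demo():
    with tempfile.TemporaryDirectory() as root:
        make_bundle(root, "Alpha.app", "http://updates.example.com/appcast.xml")
        make_bundle(root, "Bravo.app", "https://updates.example.com/appcast.xml")
        make_bundle(root, "Charlie.app")               # Sparkle, feed set elsewhere
        make_bundle(root, "Delta.app", sparkle=False)  # no Sparkle at all
        return audit_tree(root)

if __name__ == "__main__":
    for name, verdict, feed in demo():
        print(f"{verdict:8} {name} {feed or ''}")
```

Anything reported as INSECURE fetches its update feed over the unencrypted channel the proof of concept relies on; UNKNOWN entries bundle Sparkle but do not declare the feed in the plist.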