gfxCardStatus doesn't load its updates over HTTPS, making it likely affected by the recent Sparkle vulnerability. Specifically, a MITM attacker can execute arbitrary remote code when the SUFeedURL isn’t loaded over HTTPS:
More information about the vulnerability:
Thanks! Hope to see it updated soon,
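An added example, not part of the original issue or of the gfxCardStatus code: a defender-side audit that reads each app bundle's Info.plist and flags a Sparkle `SUFeedURL` that is not loaded over HTTPS, the condition described above. The function names, sample bundles and `example.invalid` URLs are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from urllib.parse import urlsplit
from xml.parsers.expat import ExpatError


def classify_feed(info):
    """Classify the Sparkle feed setting of one parsed Info.plist dict."""
    feed = info.get("SUFeedURL")
    if feed is None:
        return "no-sparkle-feed"
    scheme = urlsplit(feed.strip()).scheme.lower() if isinstance(feed, str) else ""
    return {"https": "https", "http": "insecure-http"}.get(scheme, "malformed")


def audit_apps(root):
    """Map each *.app bundle directly under root to its classification."""
    results = {}
    for plist_path in sorted(Path(root).glob("*.app/Contents/Info.plist")):
        app = plist_path.parent.parent.name
        try:
            info = plistlib.loads(plist_path.read_bytes())  # XML or binary plist
        except (ValueError, OSError, ExpatError):
            results[app] = "unreadable"
            continue
        results[app] = classify_feed(info) if isinstance(info, dict) else "malformed"
    return results


def build_sample_tree(root):
    """Write constructed sample bundles (not real apps) for an offline run."""
    samples = {
        "OldUpdater.app": {"SUFeedURL": "http://updates.example.invalid/appcast.xml"},
        "NewUpdater.app": {"SUFeedURL": "https://updates.example.invalid/appcast.xml"},
        "NoSparkle.app": {"CFBundleName": "NoSparkle"},
    }
    for name, info in samples.items():
        contents = Path(root) / name / "Contents"
        contents.mkdir(parents=True, exist_ok=True)
        (contents / "Info.plist").write_bytes(plistlib.dumps(info))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for app, status in audit_apps(tmp).items():
            print(f"{status:16} {app}")
```

On a Mac, `audit_apps("/Applications")` runs the same check over installed apps.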
Fixed in #225. I'll leave this open until a new version has been released with the fix.
All users are still vulnerable to this, since the latest version is still v2.3, released back in 2012.
Would you mind cutting a new release, which either:
This seems to be a big vulnerability which may lead to arbitrary code execution... :/ Could we get a release?
Ping @codykrieger, could we have a release?
Finally (!) putting out a beta release that fixes this and includes some Big Sur fixes (#336).
Alright—fixed in v2.5b1: https://gfx.io/downloads/gfxCardStatus-2.5b1.zip