Sparkle-project

Sparkle

3 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.03%
  • Published 16.09.2025 10:03:28
  • Last modified 16.09.2025 12:49:16

The Sparkle framework includes a helper tool, Autoupdate. Due to lack of authentication of connecting clients, a local unprivileged attacker can request installation of a crafted malicious PKG file by racing to connect to the daemon when other app spawn...

  • EPSS 0.01%
  • Published 16.09.2025 10:03:22
  • Last modified 16.09.2025 12:49:16

The Sparkle framework includes an XPC service, Downloader.xpc; by default this service is private to the application it's bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the appli...

  • EPSS 0.02%
  • Published 04.02.2025 20:15:49
  • Last modified 05.08.2025 14:35:15

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.