Sparkle, the framework most Mac apps use to download and install automatic updates, is vulnerable to MITM attacks.
What does that mean for IPLocation?
Firstly, the Mac AppStore version receives updates directly from Apple servers and doesn’t use Sparkle at all.
For the Online Store (Direct) version, IPLocation has been using HTTPS since its release to download the updates, so you’re safe. The vulnerability applies only if the update is downloaded through a clear HTTP connection.
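One way to check installed apps for the condition described above, as an added example (not code from IPLocation or the Sparkle project): it reads each bundle's `Info.plist` and flags a Sparkle feed URL (`SUFeedURL`) that is not HTTPS. The `/Applications` path, the function names and the sample URL are assumptions made for illustration.

```python
import plistlib
from pathlib import Path
from urllib.parse import urlparse


def classify_feed(info):
    """Classify a parsed Info.plist by the scheme of its Sparkle feed URL."""
    feed = info.get("SUFeedURL")
    if not feed:
        # No feed declared in Info.plist: the app may not use Sparkle,
        # or it may set its feed elsewhere. This check cannot tell.
        return "no-feed-key"
    scheme = urlparse(str(feed).strip()).scheme.lower()
    return "https" if scheme == "https" else "insecure"


def audit_apps(root="/Applications"):
    """Map each app bundle under root to (verdict, feed URL or None)."""
    results = {}
    for plist in sorted(Path(root).glob("*.app/Contents/Info.plist")):
        try:
            with plist.open("rb") as fh:
                info = plistlib.load(fh)  # handles XML and binary plists
        except Exception:
            # Unreadable or malformed plist: report it instead of guessing.
            results[plist.parts[-3]] = ("unreadable", None)
            continue
        results[plist.parts[-3]] = (classify_feed(info), info.get("SUFeedURL"))
    return results


def insecure_apps(root="/Applications"):
    """Names of bundles whose update feed is fetched without TLS."""
    return [name for name, (verdict, _) in audit_apps(root).items()
            if verdict == "insecure"]


if __name__ == "__main__":
    # Constructed sample: a feed served over clear HTTP is flagged.
    sample = {"SUFeedURL": "http://updates.example.com/appcast.xml"}
    print("sample:", classify_feed(sample))
    for name, (verdict, feed) in audit_apps().items():
        if verdict != "no-feed-key":
            print(f"{verdict:10} {name}  {feed or ''}")
```

The check covers only the feed URL declared in `Info.plist`; download links listed inside the feed itself are not inspected.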
After a huge problem on Apple’s part last November, we’re back again. Same problem, Apple’s fault again and Mac AppStore apps crashing at startup.
Beginning February 14th, many of our users who purchased from the Mac App Store have experienced an issue where the application crashes while opening. What we know, so far, is this is another certificate issue on Apple’s end, preventing applications from properly validating a Mac App Store receipt.
The official word from Apple is that, in general, restarting the Mac in question should resolve the issue. In addition, for OS X El Capitan users, Apple says updating to OS X 10.11.2 or later is required, and OS X Snow Leopard users should be sure the Mac App Store Update for OS X Snow Leopard is installed. While what we have here is technically similar to what happened last November, it’s not quite the same and, being on Apple’s end, not something we could’ve prepared for. We’re grateful for your patience and understanding!
We’re not seeing the issue in-house, but we’ve learned a restart does not resolve the issue – reinstalling the application itself does.
Not much I can do about it - if you have this problem, first try restarting. Only if that doesn’t work, delete the application and redownload it from the Mac AppStore.
Following this news, I just wanted to say that more than 70% of my customer base is based on the Mac AppStore, so the Mac AppStore version of IPLocation is not going anywhere and won’t for a long time. I’m not against most of the limitations of the Mac AppStore, mostly because I don’t need to interact that much with the filesystem and I don’t need any particular permission. I see how sandboxing might be annoying to some other kinds of apps and I understand their developers’ reasons for leaving the Store. My only concern is that Apple is ignoring it. It’s understandable if Apple doesn’t update it nearly as often as the iOS counterpart. What’s not understandable is why bugs of this magnitude get out in the wild this often. Reinstalling almost every Mac AppStore app every three months shouldn’t be something that still happens in 2016. Hope we won’t be in the same state when next year comes around.
Always hoping for better news for the Mac AppStore, but it seems that it’s just gonna stay immutable, always neglected. And it’s remarkable that it’s still sort of working after being ignored for years.
Reminder: IPLocation is also available Directly through the Online Store.