This repository has been archived by the owner on Apr 11, 2018. It is now read-only.
Osxlockdown is not able to fix this issue which is a security vulnerability in the Sparkle updaters included in many apps. Only the individual developers can fix the issue that exists within their apps - they must change their update addresses from HTTP to HTTPS.
Some software developers have already fixed their updaters, but many others have not.
You can read about the vulnerability here (https://tidbits.com/article/16261). Pay attention to the Pastebin link, which leads to a Terminal command which will list all the apps in your Applications folder which have not yet been fixed.
I ran the command and 23 apps were listed as still vulnerable. Many are popular apps, such as VLC, Data Rescue, Drive Genius and A Better Finder Rename.
To make it easy, here's the command:
```
# List apps bundling Sparkle whose SUFeedURL (update feed address) does not start with https
for app in /Applications/*/Contents/Frameworks/Sparkle.framework; do plist=${app/Frameworks\/Sparkle.framework/Info.plist}; url=$(defaults read "$plist" SUFeedURL 2>/dev/null); if [[ $url != "https"* ]]; then echo ${app/.app/} " and plist=$plist"; fi; done
```
I am not sure why I am unable to "fix" this vulnerability on my system. Everything else is clean!
:)