Sparkle · Sparkle · CVE-2025-0509
**Name of the Vulnerable Software and Affected Versions**
Sparkle versions prior to 2.6.4
**Description**
A security issue was found in Sparkle versions prior to 2.6.4: an attacker can replace an existing signed update with a different payload, bypassing Sparkle’s (Ed)DSA signature checks. This could allow the attacker to install malicious software through the update mechanism.
**Recommendations**
For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of Sparkle’s update mechanism until a patch is applied.
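Because Sparkle ships embedded inside each application bundle, checking exposure means inventorying the framework version in every app. The following Python script is an added example (not part of the advisory or of the Sparkle project) that reads the Info.plist of any Sparkle.framework under a directory of app bundles and flags versions below 2.6.4; it assumes the standard framework layout (`Sparkle.framework/Resources/Info.plist`) and the standard `CFBundleShortVersionString` key.

```python
"""Inventory check for CVE-2025-0509 (added example, not from the advisory).

Reads the Info.plist of any Sparkle.framework embedded in app bundles under a
directory and reports bundles whose Sparkle is older than 2.6.4.
Assumes the standard layout Sparkle.framework/Resources/Info.plist and the
standard CFBundleShortVersionString key.
"""
import plistlib
import re
import sys
from pathlib import Path

FIXED_VERSION = (2, 6, 4)  # first release the advisory names as fixed

# Constructed sample plist (not taken from any real app) used for a self-test.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleShortVersionString</key><string>2.6.3</string>
</dict></plist>"""


def parse_version(text):
    """'2.6.4' -> (2, 6, 4); a non-numeric suffix such as 'b1' is ignored."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_affected(version_string):
    """True for any version prior to 2.6.4 (all 1.x, 2.0 up to 2.6.3).
    An empty/unparseable version yields () and is treated as affected."""
    return parse_version(version_string) < FIXED_VERSION


def assess_plist(plist_bytes):
    """Return (version string, affected?) for a Sparkle.framework Info.plist."""
    version = plistlib.loads(plist_bytes).get("CFBundleShortVersionString", "")
    return version, is_affected(version)


def scan(root):
    """Return [(app name, sparkle version, affected)] for apps under root that embed Sparkle."""
    pattern = "*.app/Contents/Frameworks/Sparkle.framework/Resources/Info.plist"
    findings = []
    for plist in sorted(Path(root).glob(pattern)):
        version, affected = assess_plist(plist.read_bytes())
        findings.append((plist.parents[4].name, version, affected))  # parents[4] is the .app
    return findings


if __name__ == "__main__":
    for app, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "/Applications"):
        print(f"{'AFFECTED' if affected else 'ok      '} {app}: Sparkle {version}")
```

Apps reported as affected need a build from their vendor that bundles Sparkle 2.6.4 or later; the framework is not updated independently of the app.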