alt Hacker NewsSo they say at the provider level update traffic was redirected . Does this also mean their update endpoints didn’t do encryption?
Replies
getcrunk • today at 2:35 AM
Yea, should have finished reading. Remediation was to “ verify both the certificate and the signature of the downloaded installer. “
I mean for such a dev focused and extremely performant app, that’s disappointing.
Glad I’m off windows as of late
It's also possible the update manifest contained an url that the updater blindly trusted, and by modifying that file you could change what got downloaded.