Month: March 2016

As I mentioned in a previous blog post we have updated Nisus Writer Express, Nisus Writer Pro, and InfoClick. These updates all contain the Sparkle security fix detailed here. As for the content of these updates, please read on.

Nisus Writer Pro

Along with the above mentioned Sparkle framework update, this new version fixes a bug where list items may not always update with the correct formatting, a localization issue with cross-references, and more. The complete list of changes and fixes can be found on the Nisus Writer Pro release notes page.

Nisus Writer Pro 2.1.4 is available now from the Mac App Store and from the Pro update page. It is a free update for our customers who already own Nisus Writer Pro 2.

Nisus Writer Pro 2.1.4 requires OS X 10.8.5 or higher.

Nisus Writer Express

Nisus Writer Express 3.5.4 also includes the updated Sparkle framework and includes a few fixes found since the release of Express 3.5.3. The complete list of changes and fixes can be found on the Express release notes page.

This new version is available now from the Mac App Store and from the Express update page. It is a free update for our customers who already own Nisus Writer Express 3.

Nisus Writer Express 3.5.4 requires OS X 10.8.5 or higher.

InfoClick

InfoClick 1.2.1 includes the updated Sparkle framework and a few fixes. The complete release notes for InfoClick can be found on its release notes page.

This new version is available now from our InfoClick update page. As of this writing, InfoClick is waiting to be reviewed in the Mac App Store. We will let you know when it becomes available there. This is a free update for our customers who own any version of InfoClick.

InfoClick 1.2.1 requires OS X 10.7.5 or higher.

We have released updates to Nisus Writer Express, Nisus Writer Pro, and InfoClick. There are bug fixes and enhancements, but there is also a security update that should be explained.

We use an automatic update framework called Sparkle, which is used by many developers to keep your applications up to date. A few weeks ago a potential security risk was found in this framework. The details can be found in this iMore article, but to summarize the problem is applications using the Sparkle framework are potentially vulnerable to “man in the middle” attacks.

To eliminate this potential security problem in our apps we have updated the Sparkle framework to the latest version. We have also added https to our website to ensure communication between our apps and our website is secure.

While the risk of this vulnerability actually affecting users is low, there is still risk. Updating the framework and adding https across our site eliminates this vulnerability.