An easy way to check your apps for the Sparkle vulnerability

This is a good time – before you upgrade to macOS Sierra – to check through your apps and update them. As I pointed out, this is also an ideal opportunity to ensure that you don’t have any old apps which still contain an insecure version of Sparkle Update, the common tool for third party (non App Store) apps to check for and install updates.

There is a shell script which can check through your apps for vulnerable Sparkle updaters, but it seems little used, and for many is not exactly convenient. So here’s a little AppleScript app which should be more helpful.

What it does simply looks through all the apps at the top level of your Applications folder, to see whether they include Sparkle update. For each which does, it checks the Sparkle Update version number, and writes the app name and Sparkle version to a text file. You can then use that to update any that have a version number earlier than 1.13.1, which is the first to be properly secure.

How to use it

This app is unsigned, so when you first run it, you’ll need to use the Finder’s Open command to allow it past Gatekeeper. When it has been run once, you should not need to repeat that.


The app first asks you whether you want to run the script. Click on the Run button.


You will then be prompted to create a new file to contain the report. Choose where you want the file to be saved, and under what name. SparkleCheck will then check through all those apps, and write a report out to that file. It may take a minute or so to complete, but once it has done so, it will quit quietly.


The text files which it creates only list those apps it found which contain Sparkle. For each it gives the app’s name, and the version of Sparkle found there. Version 1.13.1, 1.14.0 and later are all free from the vulnerability, and safe to keep; 1.13.0 and earlier are almost certain to be vulnerable and you should update that app if possible.

As I have a lot of apps, many of which are out of date and vulnerable, I have a bout of updating and cleaning up, trash the outout file, and when I next have time, I run SparkleCheck again. It keeps track of your efforts to update or replace old apps.

Here is the app, Zipped into an archive: sparklecheck
Simply unzip and run it.

A second article explaining the script follows. is free of all restrictions, free to use, copy, and distribute non-commercially. However I would prefer you to link to this article, please, where I will post any updates.