It was getting hard to find spare parts for our decade-old Roomba, so we needed to get a new robot vacuum cleaner. However, some family members have grown so attached to the old one that we now have a big and a baby robovac.
It started with an attempt to fix a flaky unit test, which expanded into deleting some unused code which expanded into deleting almost 4000 lines of code. A nice PR to finish off with before vacation starts!
Eating one of these is like eating a whole bag of Djungelvrål, it’s completely insane and I can’t stop
(I don’t know how Sparkle operates; if it only does the extraction after signature validation, I guess an attack would be pretty hard to pull off even if you have a zero-day in the archive decompressor.)
Step 1: find a zero-day vulnerability in an obscure archive format
Step 2: add said archive format to the most popular third-party macOS software update framework
Step 3: ???