If I got it right, someone took over the server that serves updates and switches that with their own payloads, for select users.
Current app version trusts the server ssl, but since itself was compromised it just updated itself with bad code. Next app version will also sign the payloads, so assuming that this would prevent from future bogus updates.
If I got it right, someone took over the server that serves updates and switches that with their own payloads, for select users.
Current app version trusts the server ssl, but since itself was compromised it just updated itself with bad code. Next app version will also sign the payloads, so assuming that this would prevent from future bogus updates.