Site icon The Mac Security Blog

Is Your Dropbox Software Up to Date?

Many people use Dropbox to share and synchronize files, but few people know when updates to the program are available. The application itself has no updater, and no notification when new versions are released. So, in order to find out if you need a new version, you need to check in the program’s Account preferences to find which version you have, then go to the Dropbox site and find the page where you can download a new version. (In case you’re curious, it’s https://www.dropbox.com/install.)

Thing is, it turns out that security researches discovered some disturbing weaknesses in Dropbox, allowing them to access files without users’s knowledge, but Dropbox has corrected their system to address these issues. These issues seem to involve the cloud side of Dropbox, not the client software, but there have been security issues involving the software as well. If users are never notified of new versions of the software, they may not think to go through the process to check for an update. (Several people pointed out that Dropbox is supposed to upgrade automatically, but we’ve not seen this, and many Mac users have not seen it either.)

We don’t know of very many Mac programs that do not at least alert users when updates are available – or have a preference allowing them to activate or deactivate such alerts. In addition, many Mac programs include the Sparkle framework, which checks for updates, downloads them, then installs them. Dropbox, because of the potential security risks involving files it stores, is remiss in not providing such a feature, meaning that users need to be proactive and check for updates regularly to ensure that their files are protected. It turns out that, after reading the article linked above about the Dropbox security issues, we checked our version of the program, and we were indeed out of date. FYI, the current version is 1.1.40.

Share this: