The Mac Security Blog

dropbox

Is Your Dropbox Software Up to Date?

Many people use Dropbox to share and synchronize files, but few people know when updates to the program are available. The application itself has no updater, and no notification when new versions are released. So, in order to find out if you need a new version, you need to check in the program’s Account preferences to find which version you have, then go to the Dropbox site and find the page where you can download a new version. (In case you’re curious, it’s https://www.dropbox.com/install.)

Thing is, it turns out that security researches discovered some disturbing weaknesses in Dropbox, allowing them to access files without users’s knowledge, but Dropbox has corrected their system to adress these issues. These issues seem to involve the cloud side of Dropbox, not the client software, but there have been security issues involving the software as well. If users are never notified of new versions of the software, they may not think to go through the process to check for an update. (Several people pointed out that Dropbox is supposed to upgrade automatically, but we’ve not seen this, and many Mac users have not seen it either.)

We don’t know of very many Mac programs that do not at least alert users when updates are available – or have a preference allowing them to activate or deactivate such alerts. In addition, many Mac programs include the Sparkle framework, which checks for updates, downloads them, then installs them. Dropbox, because of the potential security risks involving files it stores, is remiss in not providing such a feature, meaning that users need to be proactive and check for updates regularly to ensure that their files are protected. It turns out that, after reading the article linked above about the Dropbox security issues, we checked our version of the program, and we were indeed out of date. FYI, the current version is 1.1.40.

August 18, 2011 Other Software
View Comments

  • http://www.intego.com Intego

    This is a test.

  • test_2 intego

    This is a bigger test with a lot more words inside it because it’s not worth testing it with only a few words when it’s possible to type so many. Actually, if I hadn’t anything to do, I could type a so big comment that I would reach the limit of the hosting capabilities. Needless to say, that this comment will also enable checking whether the layout is not broken when a comment is very long (and so interesting).

  • jack nahon

    I love DropBox

  • jack nahon

    Thanks Dropbox

  • http://pulse.yahoo.com/_PTSZXY77GMYQJ2HMXQIEMJW2BI brian

    According to this support article (https://www.dropbox.com/help/13), Dropbox does roll-out updates over time.

    • http://www.intego.com Intego

      This is what they claim. But in our experience, and in the experience of many Mac users, this doesn’t happen.

  • http://www.rempe.us Glenn Rempe

    My DropBox client is now at v1.1.45 (note that this is also a later version than 1.1.40 that was current at the time of your blog post).  And yes, it updated itself to that version with no user intervention.

  • http://www.rempe.us Glenn Rempe

    My DropBox client is now at v1.1.45 (note that this is also a later version than 1.1.40 that was current at the time of your blog post).  And yes, it updated itself to that version with no user intervention.