tl;dr A network operator can perform a MitM attack on the built-in updater’s call-out checking for updates by faking the Notepad++ update website, telling it a new version is available at <malware URL> and then downloading and running the malware
It requires a malicious network operator, or preexisting malware on the host.
tl;dr A network operator can perform a MitM attack on the built-in updater’s call-out checking for updates by faking the Notepad++ update website, telling it a new version is available at <malware URL> and then downloading and running the malware
It requires a malicious network operator, or preexisting malware on the host.
I would doubt that the average self-updating Windows program has better security.