
Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
The recently compromised update mechanism for the popular open source text editor Notepad++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author. Don Ho made the claim this week after the release of version 8.9.2 of Notepad++, which includes a double-lock verification to confirm that any download of the tool from this point on is genuine. The latest version verifies the signed XML returned by the update server. This comes on top of the first step of the hardening, in version 8.8.9, released in December, which verifies the authenticity of the signed installer downloaded from GitHub. The application’s auto-updater has also been reinforced. These actions aren’t foolproof, Ho adm...