View Full Version : Alerts
AplusWebMaster
2016-12-07, 12:26
FYI...
WordPress 4.7 released
- https://wordpress.org/download/
Dec 6, 2016 - "The latest stable release of WordPress (Version 4.7) is available..."
Changelog 4.7
- https://codex.wordpress.org/Changelog/4.7
- https://codex.wordpress.org/Version_4.7
- https://wordpress.org/about/requirements/
- https://wordpress.org/download/release-archive/
:fear:
AplusWebMaster
2016-12-12, 20:34
FYI...
- https://support.apple.com/en-us/HT201222
iOS 10.2 released
- https://support.apple.com/en-us/HT207422
Dec 12, 2016 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."
- http://appleinsider.com/articles/16/12/12/apple-releases-ios-102-with-new-tv-app-plus-new-refreshed-emoji
Dec 12, 2016
- http://www.securitytracker.com/id/1037429
CVE Reference: CVE-2016-4689, CVE-2016-4690, CVE-2016-4781, CVE-2016-7597, CVE-2016-7601, CVE-2016-7626, CVE-2016-7634, CVE-2016-7638, CVE-2016-7651, CVE-2016-7653, CVE-2016-7664, CVE-2016-7665
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can obtain passwords on the target system.
A remote or local user can bypass security controls on the target system.
Solution: The vendor has issued a fix (10.2)...
___
tvOS 10.1
- https://support.apple.com/en-us/HT207425
Dec 12, 2016
watchOS 3.1.1
- https://support.apple.com/en-us/HT207426
Dec 12, 2016
___
- https://www.us-cert.gov/ncas/current-activity/2016/12/12/Apple-Releases-Security-Updates
Dec 12, 2016
:fear:
AplusWebMaster
2016-12-15, 11:50
FYI...
- https://support.apple.com/en-us/HT201222
Safari 10.0.2
- https://support.apple.com/en-us/HT207421
Dec 13, 2016 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.2..."
- http://www.securitytracker.com/id/1037459
CVE Reference: CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7650, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.0.2
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10.0.2)...
iCloud for Windows 6.1
- https://support.apple.com/en-us/HT207424
Dec 13, 2016 - "Available for: Windows 7 and later..."
iTunes 12.5.4 for Windows
- https://support.apple.com/en-us/HT207427
Dec 13, 2016 - "Available for: Windows 7 and later..."
macOS Sierra 10.12.2
- https://support.apple.com/en-us/HT207423
Dec 13, 2016 - "Available for: macOS Sierra 10.12.1..."
- http://www.securitytracker.com/id/1037469
CVE Reference: CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604, CVE-2016-7605, CVE-2016-7606, CVE-2016-7607, CVE-2016-7608, CVE-2016-7609, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7617, CVE-2016-7618, CVE-2016-7619, CVE-2016-7620, CVE-2016-7621, CVE-2016-7622, CVE-2016-7624, CVE-2016-7625, CVE-2016-7627, CVE-2016-7628, CVE-2016-7629, CVE-2016-7633, CVE-2016-7636, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7655, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663
Dec 14 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A local user can modify data and files on the target system.
Solution: The vendor has issued a fix (10.12.2)...
Transporter 1.9.2
- https://support.apple.com/en-us/HT207432
Dec 5, 2016 - "Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit), Windows 7 and later (32 bit), and Red Hat Enterprise Linux (64 bit)..."
___
- https://www.us-cert.gov/ncas/current-activity/2016/12/14/Apple-Releases-Security-Updates
Dec 14, 2016
:fear::fear::fear:
AplusWebMaster
2016-12-29, 11:25
FYI...
Thunderbird 45.6 released
- https://www.mozilla.org/en-US/thunderbird/45.6.0/releasenotes/
Dec 28, 2016
Fixed: The system integration dialog was shown every time when starting Thunderbird
Fixed: Various security fixes...
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.6
> https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
Critical
Fixed in: Thunderbird 45.6 ...
CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
v45.6
___
- https://www.us-cert.gov/ncas/current-activity/2016/12/28/Mozilla-Releases-Security-Update
Dec 28, 2016
:fear::fear:
AplusWebMaster
2017-01-04, 15:40
FYI...
Adblock Plus 1.6 for Internet Explorer released
- https://adblockplus.org/releases/adblock-plus-16-for-internet-explorer-released
2017-01-03 - "... Adblock Plus 1.6 for Internet Explorer. This update brings a bunch of features... we are switching to CSS injection for element hiding, instead of a custom DOM traverser. This change was implemented for a more powerful element hiding. The new way of element hiding through CSS injection will work only on IE10+. But since we support IE8+ we have also made improvements to the traverser itself and fixed other bugs, which should make the general ad blocking experience more robust. We have also resolved a case where ABP for Internet Explorer would crash, so a more stable experience is also to be expected. You can see the full list of changes included in the release here*."
* https://issues.adblockplus.org/query?group=status&milestone=Adblock-Plus-for-Internet-Explorer-1.6
___
Note: The update -asked- for "System restart" to complete the install (Win7 system)...
:blink: :fear:
AplusWebMaster
2017-01-13, 11:43
FYI...
WordPress 4.7.1 released
- https://wordpress.org/download/
Jan 11, 2017 - "The latest stable release of WordPress (Version 4.7.1) is available..."
- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Jan 11, 2017 - "... This is a security release for all previous versions and we strongly encourage you to update your sites immediately... eight security issues... In addition to the security issues... WordPress 4.7.1 fixes 62 bugs from 4.7..."
- https://codex.wordpress.org/Version_4.7.1
11 Jan, 2017
- https://wordpress.org/about/requirements/
- https://wordpress.org/download/release-archive/
___
- http://www.securitytracker.com/id/1037591
Jan 13 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.7 and prior versions...
Impact: A remote user can take actions on the target system acting as the target authenticated user.
A remote user can obtain potentially sensitive information on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.7.1)...
:fear:
AplusWebMaster
2017-01-19, 19:45
FYI...
- https://support.apple.com/en-us/HT201222
GarageBand 10.1.5
- https://support.apple.com/en-us/HT207477
Jan 18, 2017 - "Available for: OS X Yosemite v10.10 and later..."
- http://www.securitytracker.com/id/1037627
CVE Reference: CVE-2017-2372
Jan 18 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (10.1.5)...
___
Logic Pro X 10.3
- https://support.apple.com/en-us/HT207476
Jan 18, 2017 - "Available for: OS X Yosemite v10.10 and later (64 bit)..."
___
- http://arstechnica.com/security/2017/01/newly-discovered-mac-malware-may-have-circulated-in-the-wild-for-2-years/
Jan 18, 2017
- https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
Jan 18, 2017
:fear::fear:
AplusWebMaster
2017-01-23, 23:01
FYI...
- https://support.apple.com/en-us/HT201222
iOS 10.2.1 released
- https://support.apple.com/en-us/HT207482
Jan 23, 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."
- http://www.securitytracker.com/id/1037668
CVE Reference: CVE-2016-8687, CVE-2017-2350, CVE-2017-2351, CVE-2017-2352, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2360, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2368, CVE-2017-2369, CVE-2017-2370, CVE-2017-2371, CVE-2017-2373
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can bypass security controls on the target system.
A remote user can gain elevated privileges on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10.2.1)...
___
iTunes 12.5.5 for Windows
- https://support.apple.com/en-us/HT207486
Jan 23, 2017 - "Available for: Windows 7 and later..."
___
Safari 10.0.3 released
- https://support.apple.com/en-us/HT207484
Jan 23, 2017 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3..."
- http://www.securitytracker.com/id/1037669
CVE Reference: CVE-2017-2359
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can spoof a URL.
Solution: The vendor has issued a fix (10.0.3)...
___
iCloud for Windows 6.1.1 released
- https://support.apple.com/en-us/HT207481
Jan 23, 2017 - "Available for: Windows 7 and later..."
___
macOS Sierra 10.12.3 released
- https://support.apple.com/en-us/HT207483
Jan 23, 2017 - "Available for: macOS Sierra 10.12.2..."
- http://www.securitytracker.com/id/1037671
CVE Reference: CVE-2017-2353, CVE-2017-2357, CVE-2017-2358, CVE-2017-2361
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: An application can gain elevated privileges on the target system.
An application can determine kernel memory layout.
A remote user can execute arbitrary scripting code on the target user's system.
Solution: The vendor has issued a fix (10.12.3)...
___
tvOS 10.1.1
- https://support.apple.com/en-us/HT207485
Jan 23, 2017 - "Available for: Apple TV (4th generation)..."
___
watchOS 3.1.3
- https://support.apple.com/en-us/HT207487
Jan 23, 2017 - "Available for: All Apple Watch models..."
___
- https://www.us-cert.gov/ncas/current-activity/2017/01/23/Apple-Releases-Security-Updates
Jan 23, 2017
:fear::fear:
AplusWebMaster
2017-01-27, 11:05
FYI...
Thunderbird 45.7 released
- https://www.mozilla.org/en-US/thunderbird/45.7.0/releasenotes/
Jan 26, 2017
- https://www.mozilla.org/en-US/thunderbird/releases/
Fixed in Thunderbird 45.7
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.7
Security vulnerabilities fixed in Thunderbird 45.7
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/
Jan 26, 2017
Critical
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
v45.7
___
- https://www.us-cert.gov/ncas/current-activity/2017/01/26/Mozilla-Releases-Security-Update
Jan 26, 2017
:fear::fear:
AplusWebMaster
2017-01-27, 11:19
FYI...
WordPress 4.7.2 released
- https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Jan 26, 2017 - "WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately..."
- https://wordpress.org/download/
"The latest stable release of WordPress (Version 4.7.2) is available..."
- https://codex.wordpress.org/Version_4.7.2
- https://wordpress.org/download/release-archive/
- https://wordpress.org/news/category/security/
- https://wordpress.org/about/requirements/
___
- http://www.securitytracker.com/id/1037731
CVE Reference: CVE-2017-5610, CVE-2017-5611, CVE-2017-5612
Updated: Jan 30 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.7.1 and prior ...
Impact: A remote user can obtain potentially sensitive information on the target system.
A remote user can execute SQL commands on the underlying database.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.7.2)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/01/26/WordPress-Releases-Security-Update
Last revised: Feb 01, 2017 - "... On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2."
:fear::fear:
AplusWebMaster
2017-02-09, 11:23
FYI...
Thunderbird 45.7.1 released
- https://www.mozilla.org/en-US/thunderbird/45.7.1/releasenotes/
Feb 7, 2017
Fixed: Crash when viewing certain IMAP messages (introduced in 45.7.0)
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
v45.7.1
:fear::fear:
AplusWebMaster
2017-03-06, 21:14
FYI...
WordPress 4.7.3 released
- https://wordpress.org/news/
Mar 6, 2017 - "WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.2 and earlier are affected by six security issues:
1. Cross-site scripting (XSS) via media file metadata...
2. Control characters can trick redirect URL validation...
3. Unintended files can be deleted by administrators using the plugin deletion functionality...
4. Cross-site scripting (XSS) via video URL in YouTube embeds...
5. Cross-site scripting (XSS) via taxonomy term names...
6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources...
In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series...
Release notes
- https://codex.wordpress.org/Version_4.7.3
Download
- https://wordpress.org/download/
___
- http://www.securitytracker.com/id/1037959
Mar 7 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.7.2 and prior ...
Impact: A remote user can take actions on the target system acting as the target authenticated user.
A remote user can consume excessive server resources on the target system.
A remote user can bypass redirect URL validation on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.7.3)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/03/06/WordPress-Releases-Security-Update
Mar 06, 2017
:fear::fear:
AplusWebMaster
2017-03-08, 14:15
FYI...
Thunderbird 45.8.0 released
- https://www.mozilla.org/en-US/thunderbird/45.8.0/releasenotes/
Mar 7, 2017
Fixed in Thunderbird 45.8
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.8
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
:fear::fear:
AplusWebMaster
2017-03-16, 00:38
FYI...
Adblock Plus 1.13 for Chrome and Opera released
- https://adblockplus.org/releases/adblock-plus-113-for-chrome-and-opera-released
2017-03-15
Install Adblock Plus 1.13 for Chrome
Install Adblock Plus 1.13 for Opera
This is a major release containing some user interface improvements...
Changes:
- Further improved our WebSocket (issue 4643, 4807) and popup (issue 4834) blocking capabilities.
- Improved the “Block element” tool, fixing a bug where the dialog window would sometimes fail to open (issue 4714) and another which very rarely caused the currently targeted element(s) not to be highlighted (issue 4603).
- Improved the “Add your own filters” interface in the Options page. Extremely large filters are now displayed properly (issue 1121), and the interface is much more responsive when dealing with large numbers of custom filters (issue 4752).
- Improved the Adblock Plus developer tools pane. Chrome’s dark theme is now supported (issue 4136), the Control-F search interface now works (issue 4644) and elements hidden by CSS property filters are now listed (issue 3596).
- Worked around a limitation with Chrome’s onCommitted event which caused many problems (issue 4598, 4599, 4647, 4804). Most notably this caused some requests to be improperly blocked / not blocked...
:spider:
AplusWebMaster
2017-03-25, 11:51
FYI...
- https://support.apple.com/en-us/HT201222
iTunes 12.6 released
- https://support.apple.com/en-us/HT207598
Mar 21, 2017 - "Available for: OS X Mavericks v10.9.5 and later..."
___
iTunes 12.6 for Windows
- https://support.apple.com/en-us/HT207599
Mar 21, 2017 - "Available for: Windows 7 and later..."
... added more "Entries" March 28, 2017
- http://www.securitytracker.com/id/1038157
CVE Reference: CVE-2017-2383, CVE-2017-2463, CVE-2017-2479, CVE-2017-2480, CVE-2017-5029
Mar 29 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 12.6 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (12.6)...
The vendor advisory is available at: https://support.apple.com/en-us/HT207599
___
- https://www.us-cert.gov/ncas/current-activity/2017/03/24/Apple-Releases-Security-Update-iTunes
Mar 24, 2017
:fear:
AplusWebMaster
2017-03-28, 13:25
FYI...
- https://support.apple.com/en-us/HT201222
Apple Releases Security Update for iWork
- https://www.us-cert.gov/ncas/current-activity/2017/03/27/Apple-Releases-Security-Update-iWork
Mar 27, 2017
- https://support.apple.com/en-us/HT207595
Mar 27, 2017 - "Available for: macOS 10.12 or later, iOS 10.0 or later..."
- http://www.securitytracker.com/id/1038134
CVE Reference: CVE-2017-2391
Mar 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 4.1 ...
Impact: A user with access to exported PDF documents can obtain potentially sensitive information from the password protected exported PDF.
Solution: The vendor has issued a fix (4.1)...
The vendor advisory is available at: https://support.apple.com/en-us/HT207595
- http://www.securitytracker.com/id/1038135
CVE Reference: CVE-2017-2391
Mar 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A user with access to exported PDF documents can obtain potentially sensitive information from the password protected exported PDF.
Solution: The vendor has issued a fix (6.1)...
The vendor advisory is available at: https://support.apple.com/en-us/HT207595
- http://www.securitytracker.com/id/1038136
CVE Reference: CVE-2017-2391
Mar 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 7.1...
Impact: A user with access to exported PDF documents can obtain potentially sensitive information from the password protected exported PDF.
Solution: The vendor has issued a fix (7.1)...
The vendor advisory is available at: https://support.apple.com/en-us/HT207595
___
Safari 10.1
- https://support.apple.com/en-us/HT207600
Mar 27 2017 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4.."
- http://www.securitytracker.com/id/1038137
CVE Reference: CVE-2016-9642, CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2376, CVE-2017-2377, CVE-2017-2378, CVE-2017-2385, CVE-2017-2386, CVE-2017-2389, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2444, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2453, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2475, CVE-2017-2476, CVE-2017-2481 (Links to External Site)
Mar 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.1...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can obtain potentially sensitive information on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Apple Safari software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10.1).
The vendor advisory is available at: https://support.apple.com/en-us/HT207600
___
macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
- https://support.apple.com/en-us/HT207615
Mar 27 2017
- http://www.securitytracker.com/id/1038138
CVE Reference: CVE-2016-5636, CVE-2016-7585, CVE-2017-2379, CVE-2017-2381, CVE-2017-2388, CVE-2017-2390, CVE-2017-2392, CVE-2017-2398, CVE-2017-2401, CVE-2017-2402, CVE-2017-2403, CVE-2017-2406, CVE-2017-2407, CVE-2017-2408, CVE-2017-2409, CVE-2017-2410, CVE-2017-2413, CVE-2017-2416, CVE-2017-2417, CVE-2017-2418, CVE-2017-2420, CVE-2017-2421, CVE-2017-2422, CVE-2017-2423, CVE-2017-2425, CVE-2017-2426, CVE-2017-2427, CVE-2017-2428, CVE-2017-2429, CVE-2017-2430, CVE-2017-2431, CVE-2017-2432, CVE-2017-2435, CVE-2017-2436, CVE-2017-2437, CVE-2017-2438, CVE-2017-2439, CVE-2017-2440, CVE-2017-2441, CVE-2017-2443, CVE-2017-2448, CVE-2017-2449, CVE-2017-2450, CVE-2017-2451, CVE-2017-2456, CVE-2017-2457, CVE-2017-2458, CVE-2017-2461, CVE-2017-2462, CVE-2017-2467, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2485, CVE-2017-2486, CVE-2017-2487, CVE-2017-6974
Updated: Mar 28 2017
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite).
The vendor advisory is available at: https://support.apple.com/en-us/HT207615
___
iOS 10.3
- https://support.apple.com/en-us/HT207617
Mar 27 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."
- http://www.securitytracker.com/id/1038139
CVE Reference: CVE-2017-2384, CVE-2017-2393, CVE-2017-2397, CVE-2017-2399, CVE-2017-2400, CVE-2017-2404, CVE-2017-2412, CVE-2017-2414, CVE-2017-2434, CVE-2017-2452, CVE-2017-2484
Mar 28 2017
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.3...
Impact: A remote user can access and modify certain iTunes data.
A local user can obtain potentially sensitive information on the target system.
A remote user can conduct cross-site scripting attacks.
Solution: The vendor has issued a fix (10.3).
The vendor advisory is available at: https://support.apple.com/en-us/HT207617
___
macOS Server 5.3
- https://support.apple.com/en-us/HT207604
Mar 27 2017 - "Available for: macOS 10.12.4 and later..."
- http://www.securitytracker.com/id/1038144
CVE Reference: CVE-2007-6750, CVE-2017-2382
Mar 28 2017
Impact: Denial of service via network, Disclosure of system information
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can cause denial of service conditions.
A remote user can determine valid usernames on the target system.
Solution: The vendor has issued a fix (macOS Server 5.3).
The vendor advisory is available at: https://support.apple.com/en-us/HT207604
___
tvOS 10.2
- https://support.apple.com/en-us/HT207601
Mar 27 2017 - "Available for: Apple TV (4th generation)..."
___
watchOS 3.2
- https://support.apple.com/en-us/HT207602
Mar 27 2017 - "Available for: All Apple Watch models..."
___
- https://www.us-cert.gov/ncas/current-activity/2017/03/27/Apple-Releases-Security-Update-iWork
Mar 27 2017
:fear::fear::fear:
AplusWebMaster
2017-03-29, 21:06
FYI...
- https://support.apple.com/en-us/HT201222
iCloud for Windows 6.2
- https://support.apple.com/en-us/HT207607
Mar 28, 2017 - "Available for: Windows 7 and later..."
:fear::fear:
AplusWebMaster
2017-04-03, 21:23
FYI...
- https://support.apple.com/en-us/HT201222
iOS 10.3.1
- https://support.apple.com/en-us/HT207688
Apr 3, 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later...
Wi-Fi: Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975 ..."
___
- http://www.securitytracker.com/id/1038172
CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6975
Apr 4 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user within WiFi range can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (10.3.1)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/04/03/Apple-Releases-Security-Update-iOS
April 03, 2017
:fear::fear:
AplusWebMaster
2017-04-11, 13:33
FYI...
Thunderbird 52.0 released
- https://www.mozilla.org/en-US/thunderbird/52.0/releasenotes/
April 4, 2017
Fixed in Thunderbird 52
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird52
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-09/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
CVE-2017-5404: Use-after-free working with ranges in selections
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
:fear::fear:
AplusWebMaster
2017-04-15, 17:36
FYI...
Thunderbird 52.0.1 released
- https://www.mozilla.org/en-US/thunderbird/52.0.1/releasenotes/
April 14, 2017
Fixed:
- Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1
- Clicking on a link in an email may not open this link in the external browser...
Complete list of changes in this release
- https://mzl.la/2nSk0Ft
373 bugs found
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
:fear::fear:
AplusWebMaster
2017-04-21, 11:46
FYI...
WordPress 4.7.4 released
- https://wordpress.org/news/
April 20, 2017 - "After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release. This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes* and the list of changes**. Download WordPress 4.7.4 or visit 'Dashboard → Updates' and simply click 'Update Now'. Sites that support automatic background updates are already beginning to update to WordPress 4.7.4..."
Release notes
* https://codex.wordpress.org/Version_4.7.4
** https://core.trac.wordpress.org/log/branches/4.7?rev=40487&stop_rev=40224
Download
- https://wordpress.org/download/
___
> https://wordpress.org/news/2017/05/wordpress-now-on-hackerone/
May 15, 2017 - "... WordPress is now officially on HackerOne*... HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress..."
* https://hackerone.com/wordpress
:fear::fear:
AplusWebMaster
2017-05-01, 13:38
FYI...
Thunderbird 52.1.0 released
- https://www.mozilla.org/en-US/thunderbird/52.1.0/releasenotes/
April 30, 2017
Fixed:
Background images not working and other issues related to embedded images when composing email
Google Oauth setup can sometimes not progress to the next step
Complete list of changes in this release
- https://bugzilla.mozilla.org/buglist.cgi?list_id=13560552&o1=equals&v1=53%2B&f1=cf_tracking_thunderbird_esr52&query_format=advanced
19 bugs found.
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
:fear::fear:
AplusWebMaster
2017-05-16, 01:47
FYI...
> https://support.apple.com/en-us/HT201222
iOS 10.3.2 released
- https://support.apple.com/en-us/HT207798
May 15, 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation..."
- http://www.securitytracker.com/id/1038485
CVE Reference: CVE-2017-2498, CVE-2017-6982, CVE-2017-6989
May 15 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.3.2 ...
Impact: An application can cause denial of service conditions on the target system.
An application can obtain elevated privileges on the target system.
A user can bypass certificate validation on the target system.
Solution: The vendor has issued a fix (10.3.2)...
___
Safari 10.1.1
- https://support.apple.com/en-us/HT207804
May 15, 2017 - "Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5..."
- http://www.securitytracker.com/id/1038487
CVE Reference: CVE-2017-2495, CVE-2017-2496, CVE-2017-2499, CVE-2017-2500, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2511, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
May 16 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.1.1 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can bypass code signing policy on the target system.
A remote user can spoof a URL.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10.1.1)...
___
macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite
- https://support.apple.com/en-us/HT207797
May 15, 2017
- http://www.securitytracker.com/id/1038484
CVE Reference: CVE-2017-2494, CVE-2017-2497, CVE-2017-2501, CVE-2017-2502, CVE-2017-2503, CVE-2017-2507, CVE-2017-2509, CVE-2017-2512, CVE-2017-2513, CVE-2017-2516, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2524, CVE-2017-2527, CVE-2017-2533, CVE-2017-2534, CVE-2017-2535, CVE-2017-2537, CVE-2017-2540, CVE-2017-2541, CVE-2017-2542, CVE-2017-2543, CVE-2017-2545, CVE-2017-2546, CVE-2017-2548, CVE-2017-6977, CVE-2017-6978, CVE-2017-6979, CVE-2017-6981, CVE-2017-6983, CVE-2017-6985, CVE-2017-6986, CVE-2017-6987, CVE-2017-6988, CVE-2017-6990, CVE-2017-6991
May 15 2017
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.12.5...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An application can obtain potentially sensitive information from system memory on the target system.
An application can obtain elevated privileges on the target system.
A remote user on a local network can obtain 802.1X authentication credentials.
Solution: The vendor has issued a fix (10.12.5)...
___
iCloud for Windows 6.2.1
- https://support.apple.com/en-us/HT207803
May 15, 2017
___
iTunes 12.6.1 for Windows
- https://support.apple.com/en-us/HT207805
May 15, 2017
___
tvOS 10.2.1
- https://support.apple.com/en-us/HT207801
May 15, 2017
___
watchOS 3.2.2
- https://support.apple.com/en-us/HT207800
May 15, 2017
___
- https://www.us-cert.gov/ncas/current-activity/2017/05/15/Apple-Releases-Security-Updates
May 15, 2017
:fear::fear:
AplusWebMaster
2017-05-16, 12:10
FYI...
Thunderbird 52.1.1 released
- https://www.mozilla.org/en-US/thunderbird/52.1.1/releasenotes/
May 15, 2017
Fixed:
- Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use
- Unable to load full message via POP if message was downloaded partially (or only headers) before
- Some attachments can't be opened or saved if the message body is empty
- Crash when compacting IMAP folder
Known Issues:
unresolved:
- Large number of blank pages being printed under certain circumstances
- Crash due to incompatibility with McAfee Anti-SPAM add-on. Workaround: Start in safe mode and -disable- McAfee Anti-Spam Extension
Complete list of changes in this release:
- https://bugzilla.mozilla.org/buglist.cgi?list_id=13560552&o1=equals&v1=53%2B&f1=cf_tracking_thunderbird_esr52&query_format=advanced
19 bugs found.
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
:fear::fear:
AplusWebMaster
2017-05-17, 22:18
FYI...
WordPress 4.7.5 released
- https://wordpress.org/news/2017/05/wordpress-4-7-5/
May 16, 2017 - "WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.4 and earlier are affected by six security issues:
- Insufficient redirect validation in the HTTP class...
- Improper handling of post meta data values in the XML-RPC API...
- Lack of capability checks for post meta data in the XML-RPC API...
- A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog...
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files...
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer...
In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the release notes* or consult the list of changes**..."
* https://codex.wordpress.org/Version_4.7.5
** https://core.trac.wordpress.org/query?status=closed&milestone=4.7.5&group=component&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priority&col=keywords&order=priority
___
- http://www.securitytracker.com/id/1038520
May 18 2017
Impact: A remote user can take actions on the target system acting as the target authenticated user.
A remote user can cause the target user's browser to be -redirected- to an arbitrary web site.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The impact was -not- specified for two vulnerabilities.
Solution: The vendor has issued a fix (4.7.5)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/05/17/WordPress-Releases-Security-Update
May 17, 2017
:fear::fear::fear:
AplusWebMaster
2017-05-27, 01:09
FYI...
Adblock Plus 2.9 for Firefox released
- https://adblockplus.org/releases/adblock-plus-29-for-firefox-released
2017-05-25
Install Adblock Plus 2.9 for Firefox
"This release lays important groundwork for the Web Extensions migration. The way Adblock Plus stores its data has changed drastically, though for users everything should stay exactly the same (issue 5048). The new location of your filters and subscriptions is the browser-extension-data/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}/storage.js file in your Firefox profile, the same data will be used by the Adblock Plus build based on the Web Extensions platform once it is ready.
Additional changes:
- The hidden data_directory and please_kill_startup_performance preferences have been removed.
- It is now possible to use { and } in CSS property filters (issue 4684)."
:fear::fear:
AplusWebMaster
2017-06-08, 23:04
FYI...
WordPress 4.8 released
- https://wordpress.org/download/
Jun 8, 2017 - "The latest stable release of WordPress (Version 4.8) is available..."
Changelog
> https://codex.wordpress.org/Changelog/4.8
> https://codex.wordpress.org/Version_4.8
> https://wordpress.org/download/release-archive/
Updating WordPress
> https://codex.wordpress.org/Upgrading_WordPress
:fear::fear:
AplusWebMaster
2017-06-08, 23:07
FYI...
Adblock Plus 2.9.1 for Firefox released
- https://adblockplus.org/releases/adblock-plus-291-for-firefox-released
2017-06-07
Install Adblock Plus 2.9.1 for Firefox
"Unfortunately, the Adblock Plus 2.9 release didn’t go as smoothly as we hoped for. Most importantly, the performance degradation caused by the new data storage turned out more severe than we expected, some users were experiencing regular noticeable browser hangs. While the performance of reading and saving Adblock Plus filters hasn’t improved yet, we turned off filter hit counts by default in Adblock Plus 2.9.1 as a first consequence to make sure the data no longer needs to be saved that often (issue 5298). Users who need this functionality can turn it back on by clicking the ABP icon, going into “Options” and checking “Count filter hits.”
We will be looking into other ways to improve this, even though the main issue can only be resolved by the Firefox developers. It also wasn’t noticed before release that the new data storage doesn’t work in Thunderbird and SeaMonkey, so these users ended up with filters being reset on each restart. This has also been resolved in Adblock Plus 2.9.1 (issue 5279, issue 5285), the original data should show up again now..."
:fear::fear:
AplusWebMaster
2017-06-15, 12:45
FYI...
Thunderbird 52.2.0 released
- https://www.mozilla.org/en-US/thunderbird/52.2.0/releasenotes/
June 14, 2017
What’s New:
Fixed:
- Embedded images not shown in email received from Hotmail/Outlook webmailer
- Detection of non-ASCII font names in font selector
- Attachment not forwarded correctly under certain circumstances
- Multiple requests for master password when GMail OAuth2 is enabled
- Large number of blank pages being printed under certain circumstances when invalid preferences were present
- Messages sent via the Simple MAPI interface are forced to HTML
- Calendar: Invitations can't be printed
- Mailing list (group) not accessible from macOS or Outlook address book
- Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
Various security fixes:
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird52.2
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/
Critical:
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
___
- https://www.us-cert.gov/ncas/current-activity/2017/06/15/Mozilla-Releases-Security-Update
June 15, 2017
:fear::fear:
AplusWebMaster
2017-06-26, 11:30
FYI...
Thunderbird 52.2.1 released
- https://www.mozilla.org/en-US/thunderbird/52.2.1/releasenotes/
June 23, 2017
Fixed: Problems with Gmail (folders not showing, repeated email download, etc.) introduced in version 52.2.0.
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
:fear:
AplusWebMaster
2017-07-19, 23:12
FYI...
Apple security updates
- https://support.apple.com/en-us/HT201222
July 19, 2017
iOS 10.3.3
- https://support.apple.com/en-us/HT207923
July 19, 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation..."
- http://www.securitytracker.com/id/1038950
CVE Reference: CVE-2017-2517, CVE-2017-7006, CVE-2017-7007, CVE-2017-7008, CVE-2017-7009, CVE-2017-7010, CVE-2017-7011, CVE-2017-7012, CVE-2017-7013, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7022, CVE-2017-7023, CVE-2017-7024, CVE-2017-7025, CVE-2017-7026, CVE-2017-7027, CVE-2017-7028, CVE-2017-7029, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7047, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7058, CVE-2017-7059, CVE-2017-7060, CVE-2017-7061, CVE-2017-7062, CVE-2017-7063, CVE-2017-7064, CVE-2017-7068, CVE-2017-7069, CVE-2017-8248, CVE-2017-9417
Jul 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.3.3 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can obtain potentially sensitive information on the target system.
A local user can obtain potentially sensitive information from system memory on the target system.
A local user can obtain elevated privileges on the target system.
A remote user can bypass security controls on the target system.
A remote user can execute arbitrary code on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site's interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.
Solution: The vendor has issued a fix (10.3.3)...
macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite
- https://support.apple.com/en-us/HT207922
July 19, 2017
- http://www.securitytracker.com/id/1038951
CVE Reference: CVE-2017-7014, CVE-2017-7015, CVE-2017-7016, CVE-2017-7017, CVE-2017-7021, CVE-2017-7031, CVE-2017-7032, CVE-2017-7033, CVE-2017-7035, CVE-2017-7036, CVE-2017-7044, CVE-2017-7045, CVE-2017-7050, CVE-2017-7051, CVE-2017-7054, CVE-2017-7067
Jul 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.12.5 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An application can obtain potentially sensitive information from system memory on the target system.
An application can obtain elevated privileges on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10.12.6, Security Update 2017-003 El Capitan, Security Update 2017-003 Yosemite).
Safari 10.1.2
- https://support.apple.com/en-us/HT207921
July 19, 2017 - "Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6..."
iTunes 12.6.2 for Windows
- https://support.apple.com/en-us/HT207928
July 19, 2017
iCloud for Windows 6.2.2
- https://support.apple.com/en-us/HT207927
July 19, 2017
tvOS 10.2.2
- https://support.apple.com/en-us/HT207924
July 19, 2017
watchOS 3.2.3
- https://support.apple.com/en-us/HT207925
July 19, 2017
Wi-Fi Update for Boot Camp 6.1
- https://support.apple.com/en-us/HT207940
Published Date: Jul 21, 2017 - "Available for the following machines while running Boot Camp: MacBook Air (Late 2010 and later), MacBook Pro (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Mid 2010 and later), MacBook (Mid 2010 and later)..."
___
- https://www.us-cert.gov/ncas/current-activity/2017/07/19/Apple-Releases-Security-Updates
July 19, 2017
:fear:
AplusWebMaster
2017-08-18, 02:10
FYI...
Thunderbird 52.3.0 released
- https://www.mozilla.org/en-US/thunderbird/52.3.0/releasenotes/
Aug 16, 2017
Fixed:
- Unwanted inline images shown in rogue SPAM messages
- Deleting message from the POP3 server not working when maildir storage was used
- Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later
- Inline images not scaled to fit when printing
- Selected text from another message sometimes included in a reply
- No authorisation prompt displayed when inserting image into email body although image URL requires authentication
- Large attachments taking a long time to open under some circumstances
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/
Critical:
CVE-2017-7800: Use-after-free in WebSockets during disconnection
CVE-2017-7801: Use-after-free with marquee during window resizing
CVE-2017-7779: Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3, and Thunderbird 52.3
___
- https://www.us-cert.gov/ncas/current-activity/2017/08/21/Mozilla-Releases-Security-Update
Aug 21, 2017
:fear:
AplusWebMaster
2017-09-20, 01:10
FYI...
> https://support.apple.com/en-us/HT201222
iOS 11
- https://support.apple.com/en-us/HT208112
Sep 19, 2017 - "Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation..."
- http://www.securitytracker.com/id/1039385
CVE Reference: CVE-2017-7072, CVE-2017-7085, CVE-2017-7088, CVE-2017-7089, CVE-2017-7097, CVE-2017-7106, CVE-2017-7118, CVE-2017-7133
Sep 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 11.0 ...
Impact: A remote user can cause denial of service conditions.
A remote user can spoof the address bar.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (11.0)...
> https://support.apple.com/en-us/HT204204
___
Safari 11
- https://support.apple.com/en-us/HT208116
Sep 19, 2017 - "Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6..."
- http://www.securitytracker.com/id/1039384
CVE Reference: CVE-2017-7085, CVE-2017-7089, CVE-2017-7106
Sep 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 11.0 ...
Impact: A remote user can spoof the address bar.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (11.0)...
___
Xcode 9
- https://support.apple.com/en-us/HT208103
Sep 19, 2017 - "Available for: macOS Sierra 10.12.6 or later..."
- http://www.securitytracker.com/id/1039386
CVE Reference: CVE-2017-7076, CVE-2017-7134, CVE-2017-7135, CVE-2017-7136, CVE-2017-7137
Sep 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (9.0)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/09/19/Apple-Releases-Security-Updates
Sep 19, 2017
:fear:
AplusWebMaster
2017-09-20, 23:07
FYI...
WordPress 4.8.2 Security and Maintenance Release
- https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
Sep 19, 2017 - "WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately..."
Release notes: https://codex.wordpress.org/Version_4.8.2
Change List:
- https://core.trac.wordpress.org/query?status=closed&milestone=4.8.2&group=component&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priority&col=keywords&order=priority
> https://wordpress.org/download/release-archive/
Download: https://wordpress.org/download/
___
- https://www.us-cert.gov/ncas/current-activity/2017/09/20/WordPress-Releases-Security-Update
Sep 20, 2017
:fear::fear:
AplusWebMaster
2017-09-25, 23:49
FYI...
> https://support.apple.com/en-us/HT201222
iCloud for Windows 7.0
- https://support.apple.com/en-us/HT208142
Sep 25, 2017 - "Available for: Windows 7 and later..."
___
macOS High Sierra 10.13
- https://support.apple.com/en-us/HT208144
Sep 25, 2017 - "Available for: OS X Lion 10.8 and later..."
- http://www.securitytracker.com/id/1039427
CVE Reference: CVE-2016-9042, CVE-2016-9063, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-0381, CVE-2017-1000373, CVE-2017-10989, CVE-2017-11103, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-7074, CVE-2017-7077, CVE-2017-7078, CVE-2017-7080, CVE-2017-7082, CVE-2017-7083, CVE-2017-7084, CVE-2017-7086, CVE-2017-7114, CVE-2017-7119, CVE-2017-7127, CVE-2017-7128, CVE-2017-7129, CVE-2017-7130, CVE-2017-7138, CVE-2017-7141, CVE-2017-7143, CVE-2017-7144, CVE-2017-9233
Sep 25 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Version(s): prior to 10.13 ...
Impact: A remote or local user can cause denial of service conditions on the target system.
A local user can obtain elevated privileges on the target system.
A local user can obtain potentially sensitive information on the target system.
A remote or local user can bypass security controls on the target system.
An application can execute arbitrary code with elevated privileges.
Solution: The vendor has issued a fix (10.13)...
___
macOS Server 5.4
- https://support.apple.com/en-us/HT208102
Sep 25, 2017 - "Available for: macOS High Sierra 10.13..."
___
iTunes 12.7 for Windows
- https://support.apple.com/en-us/HT208141
Sep 12, 2017 ? - "Available for: Windows 7 and later..."
- http://www.securitytracker.com/id/1039428
CVE Reference: CVE-2017-7081, CVE-2017-7087, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120
Sep 25 2017
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass same-origin restrictions on the target system.
A remote user can conduct cross-site scripting attacks.
Solution: The vendor has issued a fix (12.7)...
___
iTunes 12.7
- https://support.apple.com/en-us/HT208140
Sep 12, 2017 ? - "Available for: OS X Yosemite 10.10.5 and later..."
___
- https://www.us-cert.gov/ncas/current-activity/2017/09/25/Apple-Releases-Security-Updates
Sep 25, 2017
:fear:
AplusWebMaster
2017-09-26, 22:43
FYI...
> https://support.apple.com/en-us/HT201222
iOS 11.0.1
> https://support.apple.com/en-us/HT208143
Sep 26, 2017 - "iOS 11.0.1 includes the security content of iOS 11."
> https://support.apple.com/en-us/HT204204
___
Apple releases iOS 11.0.1 software update for iPhone and iPad
> https://9to5mac.com/2017/09/26/ios-11-0-1/
Sep 26, 2017 - "Apple has released the first software update to iOS 11 with iOS 11.0.1 for iPhone and iPad. The build comes in at 15A402 (or 15A403), up from 15A372 for iOS 11.0. As a bug fix and performance improvements update, we don’t expect any feature changes in this release. These updates typically make everything run smoother and potentially help with battery life* and any lingering bugs..."
* https://9to5mac.com/2017/09/25/ios-11-battery-life-problems/
>> http://osxdaily.com/2017/09/26/ios-11-0-1-update-download-iphone-ipad/
Sep 26, 2017 - "... It’s unclear if the iOS 11.0.1 software update will address any reported iOS 11 battery life problems, problems with Outlook and Microsoft email, or other issues encountered with the recent iOS 11 release, but the update is recommended to install for everyone on iOS 11, whether or not they are experiencing software issues since updating their iPhone or iPad..."
> https://support.apple.com/en-us/HT208136
Sep 26, 2017 - "You might not be able to send email with an Outlook.com, Office 365, or Exchange account until you update to iOS 11.0.1. If your email account is hosted by Microsoft on Outlook.com or Office 365, or an Exchange Server 2016 running on Windows Server 2016, you might see this error message when you try to send an email with iOS 11: "Cannot Send Mail. The message was rejected by the server." To fix the issue, update to iOS 11.0.1 or later."
> https://www.wandera.com/blog/ios-11-battery-drain/
Sep 21, 2017 - "... Some iPhone and iPad users are reporting installation problems, slow speed, issues with Bluetooth and Wi-Fi and one that caught our eye specifically – faster battery drain..."
>> https://www.wandera.com/wp-content/uploads/2017/09/ios_battery_comp-1200x624.png
> https://ios.gadgethacks.com/how-to/improve-battery-life-your-iphone-ios-11-0177756/
Sep 20, 2017 - "... Check Battery Usage: The first step in treating your battery problem is to see where the problem may be stemming, so head to Settings –> Battery. You should be able to see what apps have been draining your iPhone's battery life over the last 24 hours, as well as another period of time (usually seven days). If you tap on any of the apps in the list, or if you tap the clock icon in the top-right corner next to the time tabs, you will see how much time each app has been used on the screen, as well has how much time the app has spent working in the background..."
___
- https://www.us-cert.gov/ncas/current-activity/2017/09/26/Apple-Releases-Security-Update-iOS
Sep 26, 2017
//
AplusWebMaster
2017-09-27, 21:54
FYI...
Adblock Plus 1.13.4 for Chrome and Opera released
> https://adblockplus.org/releases/adblock-plus-1134-for-chrome-and-opera-released
2017-09-26
Install Adblock Plus 1.13.4 for Chrome ^
Install Adblock Plus 1.13.4 for Opera ^
This release features improvements to the emulation filters, which allow to block ads on Facebook again.
It also includes some bug fixes and changes under the hood..."
:yes:
AplusWebMaster
2017-10-03, 23:06
FYI...
> https://support.apple.com/en-us/HT201222
iOS 11.0.2
- https://support.apple.com/en-us/HT208164
Oct 3, 2017 - "iOS 11.0.2 includes the security content of iOS 11."
___
> https://support.apple.com/en-us/HT208067
Oct 3, 2017 - "... iOS 11.0.2 includes bug fixes and improvements for your iPhone or iPad. This update:
- Fixes an issue where crackling sounds may occur during calls for a small number of iPhone 8 and 8 Plus devices
- Addresses an issue that could cause some photos to become hidden
- Fixes an issue where attachments in S/MIME encrypted emails would not open..."
(More detail at the URL above.)
___
>> https://9to5mac.com/2017/10/03/apple-releases-ios-11-0-2-for-iphone-ipad-and-ipod-touch/
Oct. 3 2017 - "Apple has just released iOS 11.0.2 for iPhone, iPad and iPod touch devices. This marks the second bug-fix-update since iOS 11 launched in September. The build number is 15A421.
It looks to be another round of bug fixes and performance improvements, including a fix for crackly audio during phone calls on iPhone 8, a bug that caused some photos not to show up in user’s libraries and resolves an issue relating to attachments in encrypted email...
Apple says the iOS 11.0.2 brings various ‘bug fixes and improvements for iPhone and iPad’.
The minor update is available now for all iOS 11 devices (including the sixth-generation iPod touch).
To update, open Settings on your iOS device and navigate to General -> Software Update. You will need at least 50% battery to perform the update, or be connected to a power outlet.
We’ll keep an eye out for any other changes and enhancements in this latest version of iOS 11. No word yet on battery drain or adverse effects on performance, but we’ll report back if something does arise..."
___
- https://www.us-cert.gov/ncas/current-activity/2017/10/03/Apple-Releases-Security-Update-iOS
Oct 3, 2017
:fear::fear:
AplusWebMaster
2017-10-05, 23:01
FYI...
- https://support.apple.com/en-us/HT201222
macOS High Sierra 10.13 Supplemental Update
- https://support.apple.com/en-us/HT208165
Oct 5, 2017 - "Available for: macOS High Sierra 10.13..."
CVE-2017-7149, CVE-2017-7150
- http://www.securitytracker.com/id/1039513
CVE Reference: CVE-2017-7149
Oct 5 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.13 ...
Impact: A local user can obtain the password for an encrypted APFS volumen on the target system in certain cases.
Solution: The vendor has issued a fix...
> https://support.apple.com/en-us/HT208168
Oct 6, 2017
___
- https://www.us-cert.gov/ncas/current-activity/2017/10/05/Apple-Releases-Security-Update-macOS-High-Sierra
Oct 05, 2017
:fear::fear:
AplusWebMaster
2017-10-10, 13:04
FYI...
Thunderbird 52.4.0 released
- https://www.mozilla.org/en-US/thunderbird/52.4.0/releasenotes/
Oct 6, 2017
New: In Thunderbird 52 a new behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference mail.override_list_reply_to allows to restore the previous behavior.
Fixed:
- Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use.
- IMAP UIDs > 0x7FFFFFFF not handled properly
- Various security fixes*
* https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird52.4
Oct 9, 2017
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/
Critical:
CVE-2017-7810: Memory safety bugs fixed in Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Addons: https://addons.mozilla.org/en-US/thunderbird/
Download
- https://www.mozilla.org/en-US/thunderbird/all/
___
> https://www.us-cert.gov/ncas/current-activity/2017/10/11/Mozilla-Releases-Security-Update
Oct 11, 2017
:fear:
AplusWebMaster
2017-10-16, 18:01
FYI...
WPA2 Vulnerabilities
> https://www.us-cert.gov/ncas/current-activity/2017/10/16/CERTCC-Reports-WPA2-Vulnerabilities
16 Oct 2017 - "... vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU #228519*..."
* https://www.kb.cert.org/vuls/id/228519/
16 Oct 2017 - See: Vendor Information
> https://isc.sans.edu/diary/rss/22932
Oct 16, 2017
___
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Oct 16, 2017
> https://w1.fi/security/2017-1/
- https://www.securitytracker.com/id/1039573
CVE Reference: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
Oct 16 2017
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
Version(s): 2.6 and prior ...
Impact: A remote user on the wireless network can access and modify data on the wireless network.
Solution: The vendor has issued patches, available at:
> https://w1.fi/security/2017-1/
The patches will be included in future release 2.7...
:fear::fear:
AplusWebMaster
2017-10-31, 20:32
FYI...
> https://support.apple.com/en-us/HT201222
iOS 11.1
- https://support.apple.com/en-us/HT208222
Oct 31, 2017 - "Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation..."
- https://www.securitytracker.com/id/1039703
CVE Reference: CVE-2017-13080, CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13799, CVE-2017-13802, CVE-2017-13803, CVE-2017-13804, CVE-2017-13805, CVE-2017-13844, CVE-2017-13849, CVE-2017-7113
Oct 31 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 11.1 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can modify data on the target system.
A remote user can cause the target service to crash.
A local user can obtain potentially sensitive information on the target system.
An application can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (11.1)...
___
Safari 11.1
- https://support.apple.com/en-us/HT208223
Oct 31, 2017 - "Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13..."
- https://www.securitytracker.com/id/1039706
CVE Reference: CVE-2017-13789, CVE-2017-13790
Oct 31 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 11.1 ...
Impact: A remote user can spoof a URL in the address bar.
Solution: The vendor has issued a fix (11.1)...
___
macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
- https://support.apple.com/en-us/HT208221
Oct 31, 2017 - "Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6..."
- https://www.securitytracker.com/id/1039710
CVE Reference: CVE-2017-13782, CVE-2017-13786, CVE-2017-13800, CVE-2017-13801, CVE-2017-13807, CVE-2017-13808, CVE-2017-13809, CVE-2017-13810, CVE-2017-13811, CVE-2017-13812, CVE-2017-13813, CVE-2017-13814, CVE-2017-13815, CVE-2017-13816, CVE-2017-13817, CVE-2017-13818, CVE-2017-13819, CVE-2017-13820, CVE-2017-13821, CVE-2017-13822, CVE-2017-13823, CVE-2017-13824, CVE-2017-13825, CVE-2017-13828, CVE-2017-13830, CVE-2017-13831, CVE-2017-13832, CVE-2017-13834, CVE-2017-13836, CVE-2017-13838, CVE-2017-13840, CVE-2017-13841, CVE-2017-13842, CVE-2017-13843, CVE-2017-13846, CVE-2017-7132
Nov 1 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can obtain potentially sensitive information on the target system.
A local user can obtain potentially sensitive information from system memory on the target system.
An application can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix...
___
iCloud for Windows 7.1
- https://support.apple.com/en-us/HT208225
Oct 31, 2017 - "Available for: Windows 7 and later..."
___
iTunes 12.7.1 for Windows
- https://support.apple.com/en-us/HT208224
Oct 31, 2017 - "Available for: Windows 7 and later..."
___
tvOS 11.1
- https://support.apple.com/en-us/HT208219
Oct 31, 2017 - "Available for: Apple TV 4K and Apple TV (4th generation)..."
___
watchOS 4.1
- https://support.apple.com/en-us/HT208220
Oct 31, 2017 - "Available for: All Apple Watch models..."
___
- https://www.us-cert.gov/ncas/current-activity/2017/10/31/Apple-Releases-Multiple-Security-Updates
Oct 31, 2017
:fear::fear::fear:
AplusWebMaster
2017-11-01, 00:30
FYI...
WordPress 4.8.3 Security Release
- https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
Oct 31, 2017 - "WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately..."
Download: https://wordpress.org/download/
___
- https://www.us-cert.gov/ncas/current-activity/2017/10/31/WordPress-Releases-Security-Update
Oct 31, 2017
:fear::fear:
AplusWebMaster
2017-11-24, 14:35
FYI...
Thunderbird 52.5.0 released
- https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/
Nov 23, 2017
New: Better support for Charter/Spectrum IMAP: Thunderbird will now detect Charter's IMAP service and send an additional - IMAP select command to the server. Check the various preferences ending in "force_select" to see whether auto-detection has discovered this case.
Fixed:
- In search folders spanning multiple base folders clicking on a message sometimes marked another message as read
- IMAP alerts have been corrected and now show the correct server name in case of connection problems
- POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found
- Various security fixes:
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird52.5
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
Critical:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Addons: https://addons.mozilla.org/en-US/thunderbird/
Download
- https://www.mozilla.org/en-US/thunderbird/all/
:fear::fear:
AplusWebMaster
2017-11-30, 00:38
FYI...
Security Update 2017-001 - macOS High Sierra 10.13.1
- https://support.apple.com/en-us/HT208315
Nov 29, 2017 - "Available for: macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872: When you install Security Update 2017-001* on your Mac, the build number of macOS will be 17B1002. Learn how to find the macOS version and build number on your Mac**.
* https://support.apple.com/kb/HT201541
** https://support.apple.com/en-us/HT201260
If you require the root user account on your Mac, you will need to re-enable the root user and change the root user's password after this update***.
*** https://support.apple.com/en-us/HT204012
If you experience issues with authenticating or connecting to file shares on your Mac after you install this update, you can repair file sharing[4].
4] https://support.apple.com/kb/HT208317
___
- https://www.securitytracker.com/id/1039875
CVE Reference: CVE-2017-13872
Updated: Nov 29 2017
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
Version(s): 10.13 ...
Impact: A local user can obtain root privileges on the target system.
Solution: The vendor has issued a fix...
> https://support.apple.com/en-us/HT208315
> https://www.computerworld.com/article/3239047/apple-mac/what-to-do-about-apples-shameful-mac-security-flaw-updated.html
Nov 29, 2017
___
> https://www.kb.cert.org/vuls/id/113765
29 Nov 2017
- https://www.us-cert.gov/ncas/current-activity/2017/11/29/Apple-Releases-Security-Update-macOS-High-Sierra
Nov 29, 2017
___
>> https://blog.malwarebytes.com/cybercrime/2017/11/serious-macos-vulnerability-exposes-the-root-user/
Nov 29, 2017
- https://blog.malwarebytes.com/threat-analysis/2017/12/yet-another-flaw-in-apples-iamroot-bug-fix/
Dec 4, 2017
:fear::fear::fear:
AplusWebMaster
2017-12-02, 14:45
FYI...
WordPress 4.9.1 Security and Maintenance Release
- https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
Nov 29, 2017 - "WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack..."
Download: https://wordpress.org/download/
:fear::fear:
AplusWebMaster
2017-12-02, 15:07
FYI...
iOS 11.2 released
- https://www.theverge.com/2017/12/2/16727166/apple-ios-11-2-features-release
Dec 2, 2017 - "Apple is taking the highly unusual step of releasing a significant iOS update today, just hours after an iOS 11 bug started crashing iPhones. A bug in iOS 11.1.2 started causing iPhones to crash if third-party apps use recurring notifications for things like reminders. Apple is releasing iOS 11.2 today, which addresses the issue and includes a number of new features. Apple usually releases iOS updates on a Tuesday, so this appears to have been issued early to fix the crash bug..."
> https://www.theverge.com/2017/12/2/16727112/iphone-crash-bug-december-2nd-2017
Dec 2, 2017
___
> https://support.apple.com/en-us/HT201222
iOS 11.2 (details available soon) - iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
> https://support.apple.com/en-us/HT204204
:fear::fear:
AplusWebMaster
2017-12-06, 23:25
FYI...
- https://support.apple.com/en-us/HT201222
iOS 11.2
- https://support.apple.com/en-us/HT208334
Released Dec 2, 2017
IOKit: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues were addressed through improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
IOMobileFrameBuffer: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with kernel privilege
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13879: Apple
IOSurface: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero
Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13862: Apple
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2017-13833: Brandon Azad
Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: Multiple validation issues were addressed with improved input sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Incorrect certificate is used for encryption
Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate.
CVE-2017-13874: an anonymous researcher
Mail Drafts: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker with a privileged network position may be able to intercept mail
Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
Wi-Fi: Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
Published Date: Dec 6, 2017
___
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
- https://support.apple.com/en-us/HT208331
Released Dec 6, 2017
apache: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to version 2.4.28.
CVE-2017-9798
curl: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking.
CVE-2017-1000254: Max Dymond
Directory Utility: Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver: Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver: Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver: Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds read was addressed through improved bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit: Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with system privileges
Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues were addressed through improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13862: Apple
Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2017-13833: Brandon Azad
Kernel: Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel: Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail: Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts: Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to intercept mail
Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server: Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any file readable by root
Description: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling.
CVE-2017-13826: Trevor Jacques of Toronto
___
tvOS 11.2
- https://support.apple.com/en-us/HT208327
Released Dec 4, 2017 - "Available for: Apple TV 4K and Apple TV (4th generation)..."
Published Date: Dec 6, 2017
___
watchOS 4.2
- https://support.apple.com/en-us/HT208325
Released Dec 5, 2017 - "Available for: All Apple Watch models..."
Published Date: Dec 6, 2017
___
Safari 11.0.2 - (details available soon)
OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13
6 Dec 2017
___
iTunes 12.7.2 for Windows - (details available soon)
Windows 7 and later
6 Dec 2017
___
- https://www.us-cert.gov/ncas/current-activity/2017/12/06/Apple-Releases-Security-Updates
Dec 06, 2017
:fear::fear::fear::fear:
AplusWebMaster
2017-12-13, 18:44
FYI...
- https://support.apple.com/en-us/HT201222
iCloud for Windows 7.2
- https://support.apple.com/en-us/HT208328
Dec 13, 2017
APNs Server: Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a user
Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol.
CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy
WebKit: Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
___
iOS 11.2.1
- https://support.apple.com/en-us/HT208357
Dec 13, 2017
HomeKit: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A remote attacker may be able to unexpectedly alter application state
Description: A message handling issue was addressed with improved input validation.
CVE-2017-13903
>> https://discussions.apple.com/article/HT208357?filter=qa
Last: December 27, 2017
- https://www.securitytracker.com/id/1040008
CVE Reference: CVE-2017-13903
Dec 13 2017
Fix Available: Yes Vendor Confirmed: Yes
Description: A vulnerability was reported in Apple iOS. A remote user can access and control HomeKit smart accessories.
On systems with shared HomeKit application users, a remote user can send specially crafted data to trigger a state error in the HomeKit application and gain access to the target user's HomeKit-controlled accessories...
Impact: A remote user can access and control HomeKit smart accessories.
Solution: The vendor has issued a fix (11.2.1)...
___
Safari 11.0.2
- https://support.apple.com/en-us/HT208324
WebKit: Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Published Date: Dec 13, 2017
- https://www.securitytracker.com/id/1040012
CVE Reference: CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
Dec 13 2017
Fix Available: Yes Vendor Confirmed: Yes
Description: Multiple vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted web content that, when loaded by the target user, will trigger a memory corruption error in the WebKit component to execute arbitrary code [CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157].
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (11.0.2)...
___
tvOS 11.2.1
- https://support.apple.com/en-us/HT208359
Dec 13, 2017
HomeKit: Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A remote attacker may be able to unexpectedly alter application state
Description: A message handling issue was addressed with improved input validation.
CVE-2017-13903
- https://www.us-cert.gov/ncas/current-activity/2017/12/13/Apple-Releases-Security-Updates-iOS-and-tvOS
Dec 13, 2017
___
AirPort Base Station Firmware Update 7.6.9
- https://support.apple.com/en-us/HT208258
Dec 12, 2017
AirPort Base Station Firmware: Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
AirPort Base Station Firmware: Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
___
AirPort Base Station Firmware Update 7.7.9
- https://support.apple.com/en-us/HT208354
Dec 12, 2017
AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
AirPort Base Station Firmware: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
___
- https://www.us-cert.gov/ncas/current-activity/2017/12/12/Apple-Releases-Security-Updates
Dec 12, 2017
:fear::fear:
AplusWebMaster
2017-12-13, 18:52
FYI...
Transport Layer Security (TLS) Vuln
- https://www.us-cert.gov/ncas/current-activity/2017/12/13/Transport-Layer-Security-TLS-Vulnerability
Dec 13, 2017
TLS implementations...
- https://www.kb.cert.org/vuls/id/CHEU-AT5U6H
Date Updated: 12 Dec 2017
TLS implementations...
- https://www.kb.cert.org/vuls/id/144389
Last revised: 13 Dec 2017
:fear::fear::fear:
AplusWebMaster
2017-12-23, 03:11
FYI...
Thunderbird 52.5.2 released
- https://www.mozilla.org/en-US/thunderbird/52.5.2/releasenotes/
Dec 22, 2017
What’s New:
Fixed: This releases fixes the "Mailsploit" vulnerability and other vulnerabilities detected by the "Cure53" audit. For details and various other security fixes see here*.
* https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird52.5.2
...
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
Critical
CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9
Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird
Addons: https://addons.mozilla.org/en-US/thunderbird/
Download
- https://www.mozilla.org/en-US/thunderbird/all/
___
- https://www.us-cert.gov/ncas/current-activity/2017/12/25/Mozilla-Releases-Security-Update-Thunderbird
Dec 25, 2017
___
- https://www.securitytracker.com/id/1040123
CVE Reference: CVE-2017-7829, CVE-2017-7845, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848
Jan 8 2018
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof the sender's email address.
Solution: The vendor has issued a fix (52.5.2).
The vendor advisory is available at: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
:fear::fear:
AplusWebMaster
2018-01-05, 15:21
FYI...
Apple - About speculative execution vulnerabilities in ARM-based and Intel CPUs
- https://support.apple.com/en-us/HT208394
Jan 4, 2018 - "Background: The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software. The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.
> Meltdown: Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or "rogue data cache load." The Meltdown technique can enable a user process to read kernel memory. Our analysis suggests that it has the most potential to be exploited.
Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation. Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.
> Spectre: Spectre is a name covering two different exploitation techniques known as CVE-2017-5753 or "bounds check bypass," and CVE-2017-5715 or "branch target injection." These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.
Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS."
___
- https://www.kb.cert.org/vuls/id/584653
Last revised: 05 Jan 2018
- https://www.us-cert.gov/ncas/alerts/TA18-004A
Last revised: Jan 05, 2018
- https://www.helpnetsecurity.com/2018/01/05/spectre-browser-attacks/
Jan 5, 2018
:fear::fear:
AplusWebMaster
2018-01-09, 12:53
FYI...
- https://support.apple.com/en-us/HT201222
iOS 11.2.2
- https://support.apple.com/en-us/HT208401
Jan 8, 2018 - "Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Description: iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)..."
___
Safari 11.0.2
- https://support.apple.com/en-us/HT208403
Jan 8, 2018 - "Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Description: Safari 11.0.2 includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)..."
___
macOS High Sierra 10.13.2 Supplemental Update
- https://support.apple.com/en-us/HT208397
Jan 8, 2018 - "Available for: macOS High Sierra 10.13.2
Description: macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)...
Installing macOS High Sierra 10.13.2 Supplemental Update will update Safari to version 11.0.2 (13604.4.7.1.6) or version 11.0.2 (13604.4.7.10.6).
To check the version of Safari installed on your Mac:
1. Open Safari.
2. Choose Safari > About Safari."
___
- https://www.us-cert.gov/ncas/current-activity/2018/01/08/Apple-Releases-Multiple-Security-Updates
Jan 08, 2018
:fear::fear:
AplusWebMaster
2018-01-23, 22:31
FYI...
- https://support.apple.com/en-us/HT201222
iOS 11.2.5
- https://support.apple.com/en-us/HT208463
Jan 23, 2018 - "Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation..."
___
macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
- https://support.apple.com/en-us/HT208465
Jan 23, 2018 - "Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6..."
___
Safari 11.0.3
- https://support.apple.com/en-us/HT208475
Jan 23, 2018 - "Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3..."
___
tvOS 11.2.5
- https://support.apple.com/en-us/HT208462
Jan 23, 2018 - "Available for: Apple TV 4K and Apple TV (4th generation)..."
___
watchOS 4.2.2
- https://support.apple.com/en-us/HT208464
Jan 23, 2018 - "Available for: All Apple Watch models..."
___
iCloud for Windows 7.3
- https://support.apple.com/en-us/HT208473
Jan 23, 2018 - "Available for: Windows 7 and later..."
___
iTunes 12.7.3 for Windows
- https://support.apple.com/en-us/HT208474
Jan 23, 2018 - "Available for: Windows 7 and later..."
___
- https://www.us-cert.gov/ncas/current-activity/2018/01/23/Apple-Releases-Multiple-Security-Updates
Jan 23, 2018
:fear::fear:
AplusWebMaster
2018-01-27, 17:48
FYI...
Thunderbird 52.6.0 released
- https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/
Jan 25, 2018
What’s New
Fixed: Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found.
Fixed: Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices
Fixed: Calendar: Unintended task deletion if numlock is enabled
Fixed: Various security fixes*
* https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird52.6
... Fixed in Thunderbird 52.6
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
Critical
CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6
Critical
___
- https://www.us-cert.gov/ncas/current-activity/2018/01/25/Mozilla-Releases-Security-Update-Thunderbird
Jan 25, 2018
:fear:
AplusWebMaster
2018-02-11, 18:36
FYI...
WordPress 4.9.4 released
- https://wordpress.org/news/2018/02/wordpress-4-9-4-maintenance-release/
Feb 6, 2018 - "WordPress 4.9.4 is now available. This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail-to-update-automatically, and will require action from you (or your host) for it to be updated to 4.9.4..."
> https://wordpress.org/download/
> https://wordpress.org/news/2018/02/wordpress-4-9-4-maintenance-release/
Feb 6, 2018 - "... This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail to update automatically, and will require action from you (or your host) for it to be updated to 4.9.4..."
:fear::fear::fear: