OS X / Safari - Flash Player updates available
FYI...
- http://support.apple.com/kb/HT5655
July 10, 2014 - "... If the version of Adobe Flash plug-in you are using is out of date, you may see the message, "Blocked plug-in", "Flash Security Alert" or "Flash out-of-date" when attempting to view Flash content in Safari. Clicking the indicator displays an alert, "Adobe Flash Player is out-of-date."
In order to use Adobe Flash you need to update to a later version:
- Click the Download Flash button.
- Safari opens Adobe Flash Player installer page on the Adobe website.
- Click the Download now button on the Adobe website to download the latest Adobe Flash Player installer.
- After the download completes, open the downloaded disk image (usually located in your Downloads folder) if it does not open automatically.
In the window that appears, open the installer and follow the onscreen instructions.
Note: If you need to run an older version of Flash, you can use web plug-in management* to re-enable it for specific websites using "Run in Unsafe Mode" (??) in Safari 6.1 or later..."
* http://support.apple.com/kb/HT5954
Oracle Critical Patch Update Advisory - July 2014
FYI...
- https://www.us-cert.gov/ncas/current...urity-Advisory
July 15, 2014 - "Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products.
This update contains the following security fixes:
• 5 for Oracle Database Server
• 29 for Oracle Fusion Middleware
• 7 for Oracle Hyperion
• 1 for Oracle Enterprise Manager Grid Control
• 5 for the Oracle E-Business Suite
• 3 for Oracle Supply Chain Products Suite
• 5 for Oracle PeopleSoft Products
• 6 for Oracle Siebel CRM
• 1 for Oracle Communications Applications
• 3 for Oracle Retail Applications
• 20 for Oracle Java SE
• 3 for Oracle and Sun Systems Products Suite
• 15 for Oracle Virtualization
• 10 for Oracle MySQL
US-CERT encourages users and administrators to review the Oracle July 2014 Critical Patch Update* and apply the necessary updates."
* http://www.oracle.com/technetwork/to...4-1972956.html
- http://www.oracle.com/technetwork/to...72956.html#PIN
> https://blogs.oracle.com/security/en...l_patch_update
___
- https://atlas.arbor.net/briefs/index#-1227693199
High Severity
17 Jul 2014
Thunderbird 31.0 released
FYI...
- http://www.securitytracker.com/id/1030620
CVE Reference: CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1551, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560
Jul 22 2014
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.0 ...
- https://www.mozilla.org/en-US/thunderbird
- https://www.mozilla.org/en-US/thunde.../releasenotes/
v31.0, released: July 22, 2014
Security Advisories
- https://www.mozilla.org/security/kno...#thunderbird31
Fixed in Thunderbird 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
AdblockPlus 1.2 for IE released
FYI...
- https://adblockplus.org/releases/adb...lorer-released
2014-08-13
Safari 6.1.6, 7.0.6 released
FYI...
- http://support.apple.com/kb/HT6367
Aug 13, 2014
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling...
___
- http://www.securitytracker.com/id/1030731
CVE Reference: CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390
Aug 14 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 6.1.6, 7.0.6 ...
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (6.1.6, 7.0.6)...
OpenOffice 4.1.1 released
FYI...
- http://www.openoffice.org/download/
Released 2014-08-21
Release Notes
- https://cwiki.apache.org/confluence/...+Release+Notes
"Apache OpenOffice 4.1.1 is a micro release intended to fix critical issues. All users of Apache OpenOffice 4.1.0 or earlier are advised to upgrade. You can download Apache OpenOffice 4.1.1 here*. Please review these Release Notes to learn what is new in this version as well as important remarks concerning known issues and their workarounds. Our Bugzilla issue tracking database provides a detailed list of solved issues**..."
* http://www.openoffice.org/download/
** http://s.apache.org/AOO411-solved
Known Issues
- https://cwiki.apache.org/confluence/...es-KnownIssues
___
- http://www.securitytracker.com/id/1030754
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3575 - 4.3
Aug 22 2014
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 4.1.1
Impact: A remote user can obtain potentially sensitive file information.
Solution: The vendor has issued a fix (4.1.1)...
- http://www.securitytracker.com/id/1030755
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3524 - 9.3 (HIGH)
Aug 22 2014
Impact: Disclosure of user information, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.1.0 and prior...
Solution: The vendor has issued a fix (4.1.1)...
Thunderbird 31.1 released
FYI...
- http://www.securitytracker.com/id/1030794
CVE Reference: CVE-2014-1553, CVE-2014-1554, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
Sep 3 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 24.8, 31.1 ...
Solution: The vendor has issued a fix (24.8, 31.1).
- https://www.mozilla.org/en-US/thunderbird
- https://www.mozilla.org/en-US/thunde.../releasenotes/
v.31.1.0, released: Sep 2, 2014
Security Advisories
- https://www.mozilla.org/security/kno...bird.html#31.1
Fixed in Thunderbird 31.1
MFSA 2014-72 Use-after-free setting text directionality
MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
MFSA 2014-69 Uninitialized memory use during GIF rendering
MFSA 2014-68 Use-after-free during DOM interactions with SVG
MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
Adblock Plus 1.8.4 for Chrome, Opera and Safari released
FYI...
- https://adblockplus.org/releases/adb...afari-released
2014-09-03
Adblock Plus 1.8.4 for Chrome:
- https://chrome.google.com/webstore/d...ibdccddilifddb
Adblock Plus 1.8.4 for Opera (Opera 17 or higher required):
- https://addons.opera.com/extensions/...opera-adblock/
Adblock Plus 1.8.4 for Safari (Safari 6 or higher required):
- https://adblockplus.org/en/safari