Apple updates - 12.12.2016
FYI...
- https://support.apple.com/en-us/HT201222
iOS 10.2 released
- https://support.apple.com/en-us/HT207422
Dec 12, 2016 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."
- http://appleinsider.com/articles/16/...efreshed-emoji
Dec 12, 2016
- http://www.securitytracker.com/id/1037429
CVE Reference: CVE-2016-4689, CVE-2016-4690, CVE-2016-4781, CVE-2016-7597, CVE-2016-7601, CVE-2016-7626, CVE-2016-7634, CVE-2016-7638, CVE-2016-7651, CVE-2016-7653, CVE-2016-7664, CVE-2016-7665
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can obtain passwords on the target system.
A remote or local user can bypass security controls on the target system.
Solution: The vendor has issued a fix (10.2)...
___
tvOS 10.1
- https://support.apple.com/en-us/HT207425
Dec 12, 2016
watchOS 3.1.1
- https://support.apple.com/en-us/HT207426
Dec 12, 2016
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Dec 12, 2016
:fear:
Apple updates - 2016.12.13
FYI...
- https://support.apple.com/en-us/HT201222
Safari 10.0.2
- https://support.apple.com/en-us/HT207421
Dec 13, 2016 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.2..."
- http://www.securitytracker.com/id/1037459
CVE Reference: CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7650, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.0.2
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10.0.2)...
iCloud for Windows 6.1
- https://support.apple.com/en-us/HT207424
Dec 13, 2016 - "Available for: Windows 7 and later..."
iTunes 12.5.4 for Windows
- https://support.apple.com/en-us/HT207427
Dec 13, 2016 - "Available for: Windows 7 and later..."
macOS Sierra 10.12.2
- https://support.apple.com/en-us/HT207423
Dec 13, 2016 - "Available for: macOS Sierra 10.12.1..."
- http://www.securitytracker.com/id/1037469
CVE Reference: CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604, CVE-2016-7605, CVE-2016-7606, CVE-2016-7607, CVE-2016-7608, CVE-2016-7609, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7617, CVE-2016-7618, CVE-2016-7619, CVE-2016-7620, CVE-2016-7621, CVE-2016-7622, CVE-2016-7624, CVE-2016-7625, CVE-2016-7627, CVE-2016-7628, CVE-2016-7629, CVE-2016-7633, CVE-2016-7636, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7655, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663
Dec 14 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A local user can modify data and files on the target system.
Solution: The vendor has issued a fix (10.12.2)...
Transporter 1.9.2
- https://support.apple.com/en-us/HT207432
Dec 5, 2016 - "Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit), Windows 7 and later (32 bit), and Red Hat Enterprise Linux (64 bit)..."
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Dec 14, 2016
:fear::fear::fear:
Thunderbird 45.6 released
FYI...
Thunderbird 45.6 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Dec 28, 2016
Fixed: The system integration dialog was shown every time when starting Thunderbird
Fixed: Various security fixes...
- https://www.mozilla.org/en-US/securi...hunderbird45.6
> https://www.mozilla.org/en-US/securi...s/mfsa2016-96/
Critical
Fixed in: Thunderbird 45.6 ...
CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
v45.6
___
- https://www.us-cert.gov/ncas/current...ecurity-Update
Dec 28, 2016
:fear::fear:
Adblock Plus v1.6 for IE ...
FYI...
Adblock Plus 1.6 for Internet Explorer released
- https://adblockplus.org/releases/adb...lorer-released
2017-01-03 - "... Adblock Plus 1.6 for Internet Explorer. This update brings a bunch of features... we are switching to CSS injection for element hiding, instead of a custom DOM traverser. This change was implemented for a more powerful element hiding. The new way of element hiding through CSS injection will work only on IE10+. But since we support IE8+ we have also made improvements to the traverser itself and fixed other bugs, which should make the general ad blocking experience more robust. We have also resolved a case where ABP for Internet Explorer would crash, so a more stable experience is also to be expected. You can see the full list of changes included in the release here*."
* https://issues.adblockplus.org/query...t-Explorer-1.6
___
Note: The update -asked- for "System restart" to complete the install (Win7 system)...
:blink: :fear:
Apple updates - 2017.01.18
FYI...
- https://support.apple.com/en-us/HT201222
GarageBand 10.1.5
- https://support.apple.com/en-us/HT207477
Jan 18, 2017 - "Available for: OS X Yosemite v10.10 and later..."
- http://www.securitytracker.com/id/1037627
CVE Reference: CVE-2017-2372
Jan 18 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (10.1.5)...
___
Logic Pro X 10.3
- https://support.apple.com/en-us/HT207476
Jan 18, 2017 - "Available for: OS X Yosemite v10.10 and later (64 bit)..."
___
- http://arstechnica.com/security/2017...d-for-2-years/
Jan 18, 2017
- https://blog.malwarebytes.com/threat...tiquated-code/
Jan 18, 2017
:fear::fear:
Apple advisories - 2017.01.23
FYI...
- https://support.apple.com/en-us/HT201222
iOS 10.2.1 released
- https://support.apple.com/en-us/HT207482
Jan 23, 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."
- http://www.securitytracker.com/id/1037668
CVE Reference: CVE-2016-8687, CVE-2017-2350, CVE-2017-2351, CVE-2017-2352, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2360, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2368, CVE-2017-2369, CVE-2017-2370, CVE-2017-2371, CVE-2017-2373
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can bypass security controls on the target system.
A remote user can gain elevated privileges on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10.2.1)...
___
iTunes 12.5.5 for Windows
- https://support.apple.com/en-us/HT207486
Jan 23, 2017 - "Available for: Windows 7 and later..."
___
Safari 10.0.3 released
- https://support.apple.com/en-us/HT207484
Jan 23, 2017 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3..."
- http://www.securitytracker.com/id/1037669
CVE Reference: CVE-2017-2359
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can spoof a URL.
Solution: The vendor has issued a fix (10.0.3)...
___
iCloud for Windows 6.1.1 released
- https://support.apple.com/en-us/HT207481
Jan 23, 2017 - "Available for: Windows 7 and later..."
___
macOS Sierra 10.12.3 released
- https://support.apple.com/en-us/HT207483
Jan 23, 2017 - "Available for: macOS Sierra 10.12.2..."
- http://www.securitytracker.com/id/1037671
CVE Reference: CVE-2017-2353, CVE-2017-2357, CVE-2017-2358, CVE-2017-2361
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: An application can gain elevated privileges on the target system.
An application can determine kernel memory layout.
A remote user can execute arbitrary scripting code on the target user's system.
Solution: The vendor has issued a fix (10.12.3)...
___
tvOS 10.1.1
- https://support.apple.com/en-us/HT207485
Jan 23, 2017 - "Available for: Apple TV (4th generation)..."
___
watchOS 3.1.3
- https://support.apple.com/en-us/HT207487
Jan 23, 2017 - "Available for: All Apple Watch models..."
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Jan 23, 2017
:fear::fear:
Thunderbird 45.7 released
FYI...
Thunderbird 45.7 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Jan 26, 2017
- https://www.mozilla.org/en-US/thunderbird/releases/
Fixed in Thunderbird 45.7
- https://www.mozilla.org/en-US/securi...hunderbird45.7
Security vulnerabilities fixed in Thunderbird 45.7
- https://www.mozilla.org/en-US/securi...s/mfsa2017-03/
Jan 26, 2017
Critical
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
v45.7
___
- https://www.us-cert.gov/ncas/current...ecurity-Update
Jan 26, 2017
:fear::fear: