-
OS X / Safari - Flash Player updates available
FYI...
OS X / Safari - Flash Player updates available
- http://support.apple.com/kb/HT5655
July 10, 2014 - "... If the version of Adobe Flash plug-in you are using is out of date, you may see the message, "Blocked plug-in", "Flash Security Alert" or "Flash out-of-date" when attempting to view Flash content in Safari. Clicking the indicator displays an alert, "Adobe Flash Player is out-of-date."
In order to use Adobe Flash you need to update to a later version:
- Click the Download Flash button.
- Safari opens Adobe Flash Player installer page on the Adobe website.
- Click the Download now button on the Adobe website to download the latest Adobe Flash Player installer.
- After the download completes, open the downloaded disk image (usually located in your Downloads folder) if it does not open automatically.
In the window that appears, open the installer and follow the onscreen instructions.
Note: If you need to run an older version of Flash, you can use web plug-in management* to re-enable it for specific websites using "Run in Unsafe Mode" (??) in Safari 6.1 or later..."
* http://support.apple.com/kb/HT5954
:fear::fear:
-
Oracle Critical Patch Update Advisory - July 2014
FYI...
Oracle Critical Patch Update Advisory - July 2014
- https://www.us-cert.gov/ncas/current...urity-Advisory
July 15, 2014 - "Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products.
This update contains the following security fixes:
• 5 for Oracle Database Server
• 29 for Oracle Fusion Middleware
• 7 for Oracle Hyperion
• 1 for Oracle Enterprise Manager Grid Control
• 5 for the Oracle E-Business Suite
• 3 for Oracle Supply Chain Products Suite
• 5 for Oracle PeopleSoft Products
• 6 for Oracle Siebel CRM
• 1 for Oracle Communications Applications
• 3 for Oracle Retail Applications
• 20 for Oracle Java SE
• 3 for Oracle and Sun Systems Products Suite
• 15 for Oracle Virtualization
• 10 for Oracle MySQL
US-CERT encourages users and administrators to review the Oracle July 2014 Critical Patch Update* and apply the necessary updates."
* http://www.oracle.com/technetwork/to...4-1972956.html
- http://www.oracle.com/technetwork/to...72956.html#PIN
> https://blogs.oracle.com/security/en...l_patch_update
___
- https://atlas.arbor.net/briefs/index#-1227693199
High Severity
17 Jul 2014
:fear:
-
Thunderbird 31.0 released
FYI...
Thunderbird 31.0 released
- http://www.securitytracker.com/id/1030620
CVE Reference: CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1551, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560
Jul 22 2014
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.0 ...
- https://www.mozilla.org/en-US/thunderbird
- https://www.mozilla.org/en-US/thunde.../releasenotes/
v31.0, released: July 22, 2014
Security Advisories
- https://www.mozilla.org/security/kno...#thunderbird31
Fixed in Thunderbird 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
:fear:
-
AdBlock Plus 2.6.4 ...
FYI...
AdBlock Plus 2.6.4
- https://adblockplus.org/releases/adb...refox-released
2014-07-22
Changes:
- Made sure that data is always written to disk immediately whenever filter hit counts are reset (issue 430).
- Fixed: Moving filters with Ctrl-Up/Down doesn’t work in Firefox 30 and above (issue 716).
- Fixed: Find functionality in the preferences doesn’t indicate that the search pattern wasn’t found (issue 455).
- Fixed: User isn’t informed about anti-adblock warnings on websites producing them (issue 764).
- Fixed: Blockable items aren’t refreshed on tab change in SeaMonkey (issue 290).
- Fixed: “Disable on this page only” doesn’t work correctly if the address ends with # (issue 580)...
- https://addons.mozilla.org/en-US/fir.../adblock-plus/
:fear:
-
WordPress 3.9.2 released
FYI...
WordPress 3.9.2 released
- https://wordpress.org/download/
Aug 6, 2014 - "The latest stable release of WordPress (Version 3.9.2) ..."
- http://wordpress.org/news/2014/08/wordpress-3-9-2/
Aug 6, 2014 - "WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately..."
Release notes
- http://codex.wordpress.org/Version_3.9.2
- https://core.trac.wordpress.org/log/...9383&rev=29411
___
- http://www.securitytracker.com/id/1030684
Aug 7 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 3.9.2 ...
- http://atlas.arbor.net/briefs/index#918586250
Elevated Severity
7 Aug 2014
:fear::fear:
-
AdblockPlus 1.2 for IE released
FYI...
AdblockPlus 1.2 for IE released
- https://adblockplus.org/releases/adb...lorer-released
2014-08-13
:fear:
-
Safari 6.1.6, 7.0.6 released
FYI...
Safari 6.1.6, 7.0.6 released
- http://support.apple.com/kb/HT6367
Aug 13, 2014
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling...
___
- http://www.securitytracker.com/id/1030731
CVE Reference: CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390
Aug 14 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 6.1.6, 7.0.6 ...
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (6.1.6, 7.0.6)...
:fear::fear:
-
OpenOffice 4.1.1 released
FYI...
OpenOffice 4.1.1 released
- http://www.openoffice.org/download/
Released 2014-08-21
Release Notes
- https://cwiki.apache.org/confluence/...+Release+Notes
"Apache OpenOffice 4.1.1 is a micro release intended to fix critical issues. All users of Apache OpenOffice 4.1.0 or earlier are advised to upgrade. You can download Apache OpenOffice 4.1.1 here*. Please review these Release Notes to learn what is new in this version as well as important remarks concerning known issues and their workarounds. Our Bugzilla issue tracking database provides a detailed list of solved issues**..."
* http://www.openoffice.org/download/
** http://s.apache.org/AOO411-solved
Known Issues
- https://cwiki.apache.org/confluence/...es-KnownIssues
___
- http://www.securitytracker.com/id/1030754
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3575 - 4.3
Aug 22 2014
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 4.1.1
Impact: A remote user can obtain potentially sensitive file information.
Solution: The vendor has issued a fix (4.1.1)...
- http://www.securitytracker.com/id/1030755
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3524 - 9.3 (HIGH)
Aug 22 2014
Impact: Disclosure of user information, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.1.0 and prior...
Solution: The vendor has issued a fix (4.1.1)...
:fear::fear:
-
Thunderbird 31.1 released
FYI...
Thunderbird 31.1 released
- http://www.securitytracker.com/id/1030794
CVE Reference: CVE-2014-1553, CVE-2014-1554, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
Sep 3 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 24.8, 31.1 ...
Solution: The vendor has issued a fix (24.8, 31.1).
- https://www.mozilla.org/en-US/thunderbird
- https://www.mozilla.org/en-US/thunde.../releasenotes/
v.31.1.0, released: Sep 2, 2014
Security Advisories
- https://www.mozilla.org/security/kno...bird.html#31.1
Fixed in Thunderbird 31.1
MFSA 2014-72 Use-after-free setting text directionality
MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
MFSA 2014-69 Uninitialized memory use during GIF rendering
MFSA 2014-68 Use-after-free during DOM interactions with SVG
MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
:fear:
-
Adblock Plus 1.8.4 for Chrome, Opera and Safari released
FYI...
Adblock Plus 1.8.4 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
2014-09-03
Adblock Plus 1.8.4 for Chrome:
- https://chrome.google.com/webstore/d...ibdccddilifddb
Adblock Plus 1.8.4 for Opera (Opera 17 or higher required):
- https://addons.opera.com/extensions/...opera-adblock/
Adblock Plus 1.8.4 for Safari (Safari 6 or higher required):
- https://adblockplus.org/en/safari
:spider:
-
WordPress 4.0 released
FYI...
WordPress 4.0 released
- https://wordpress.org/download/
Sep 4, 2014 - "The latest stable release of WordPress (Version 4.0) is available..."
Release notes
- http://codex.wordpress.org/Version_4.0
Changelog
- http://codex.wordpress.org/Changelog/4.0
:fear:
-
Adblock Plus 1.8.5 for Chrome, Opera and Safari released
FYI...
Adblock Plus 1.8.5 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
2014-09-08
Adblock Plus 1.8.5 for Chrome:
- https://chrome.google.com/webstore/d...ibdccddilifddb
Adblock Plus 1.8.5 for Opera (Opera 17 or higher required):
- https://addons.opera.com/extensions/...opera-adblock/
Adblock Plus 1.8.5 for Safari (Safari 6 or higher required):
- https://adblockplus.org/en/safari
Changes:
Fixed: “Block Element” dialog was sometimes covered up by other page elements (issue 703).
Fixed: Checkbox labels on the options page should be clickable (issue 1226).
Chrome/Opera-only changes
Adapted for changes in Chrome 36, Opera 23 and higher. Removed side-effects of element hiding on affected websites (e.g. Outlook 365) again (issue 1290).
:fear:
-
Adobe Reader / Acrobat update delayed ...
FYI...
Prenotification Security Advisory for Adobe Reader and Acrobat
- https://helpx.adobe.com/security/pro...apsb14-20.html
Sep 5, 2014: Clarified the affected versions of Reader and Acrobat for the Windows and Macintosh platforms.
Sep 8, 2014: Updated the expected release date from September 9, 2014 to the week of September 15, 2014. The release was -delayed- to address issues identified during regression testing.
:fear:
-
iOS 8 released
FYI...
iOS 8 released
- http://www.securitytracker.com/id/1030866
CVE Reference: CVE-2014-4352, CVE-2014-4353, CVE-2014-4354, CVE-2014-4356, CVE-2014-4357, CVE-2014-4361, CVE-2014-4362, CVE-2014-4363, CVE-2014-4364, CVE-2014-4366, CVE-2014-4367, CVE-2014-4368, CVE-2014-4369, CVE-2014-4371, CVE-2014-4372, CVE-2014-4373, CVE-2014-4374, CVE-2014-4375, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4380, CVE-2014-4381, CVE-2014-4383, CVE-2014-4384, CVE-2014-4386, CVE-2014-4388, CVE-2014-4389, CVE-2014-4404, CVE-2014-4405, CVE-2014-4407, CVE-2014-4408, CVE-2014-4409, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415, CVE-2014-4418, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4422, CVE-2014-4423
Sep 18 2014
Impact: Denial of service via local system, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 8.0 ...
Solution: The vendor has issued a fix (8.0).
The vendor's advisory is available at:
- http://support.apple.com/kb/HT6441
Sep 17, 2014
- http://support.apple.com/kb/HT1222
17 Sept 2014
iOS 8 - iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
___
Safari 6.2 and 7.1
- http://support.apple.com/kb/HT6440
Sep 18, 2014
OS X Mavericks v10.9.5 and Security Update 2014-004
- http://support.apple.com/kb/HT6443
Sep 18, 2014
OS X Server v3.2.1
- http://support.apple.com/kb/HT6448
Sep 18, 2014
___
- http://atlas.arbor.net/briefs/index#2074331089
High Severity
Sep 26, 2014
:fear:
-
iOS 8.0.1 revoked - iPhone 6, 6+
FYI...
iOS 8.0.1 revoked - iPhone 6, 6+
- http://www.theinquirer.net/inquirer/...ivity-touch-id
Sep 25, 2014 - "... iPhone 6 and iPhone 6 Plus users that downloaded the iOS 8.0.1 update and found that it somewhat ruined their days to roll back the update*. Apple released iOS 8.0.1 to iPhones on Wednesday, but all didn't go to plan. While speculation had suggested that the update would arrive with a slew of bug fixes, the update appears to have created more issues. Apple has accepted that some iPhone users have experienced loss of connectivity and breakage in Touch ID sign-in..."
* http://support.apple.com/kb/HT6487
Sep 25, 2014
___
- http://support.apple.com/kb/HT6487
Last Modified: Sep 26, 2014 - "iOS 8.0.2 is available now. It fixes the loss of cellular service and use of Touch ID that may have affected you if you have an iPhone 6 or iPhone 6 Plus and you downloaded iOS 8.0.1. It includes improvements and bug fixes originally in iOS 8.0.1. We apologize for inconveniencing you if you were affected by the bug in iOS 8.0.1. To resolve this issue, update your device to iOS 8.0.2* or later."
* http://support.apple.com/kb/HT4623
- https://discussions.apple.com/search...0.2%20problems
___
APPLE-SA-2014-09-23-1 OS X: Flash Player plug-in blocked
- https://lists.apple.com/archives/sec.../msg00000.html
Sep 23, 2014
Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 15.0.0.152 and 13.0.0.244.
Information on blocked web plug-ins will be posted to:
- http://support.apple.com/kb/HT5655
Last Modified: Sep 24, 2014
:fear:
-
Bash Command Injection Vulnerability
FYI...
Advisory (ICSA-14-269-01)
Bash Command Injection Vulnerability
- https://ics-cert.us-cert.gov//advisories/ICSA-14-269-01
Sep 26, 2014 - "... A command injection vulnerability has been reported in the Bourne again shell (bash). Bash is the common command-line used in most Linux/Unix-based operating systems and Apple’s Mac OS X. The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system... Exploits that target this vulnerability are publicly available...
ICS-CERT recommends that -users- take the following measures to protect themselves from social engineering attacks:
1. Do not click web links or open unsolicited attachments in email messages.
2. Refer to Recognizing and Avoiding Email Scams* for more information on avoiding email scams.
3. Refer to Avoiding Social Engineering and Phishing Attacks** for more information on social engineering attacks..."
* http://www.us-cert.gov/reading_room/emailscams_0905.pdf
** https://www.us-cert.gov/ncas/tips/st04-014
:fear::fear:
-
OS X bash Updates ...
FYI...
OS X bash Updates ...
- http://support.apple.com/kb/HT6495
Sep 29, 2014 - Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: In certain configurations, a remote attacker may be able to execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement...
APPLE-SA-2014-09-29-1 OS X bash Update 1.0
- https://lists.apple.com/archives/sec.../msg00001.html
29 Sep 2014
OS X Lion
- http://support.apple.com/kb/DL1767
Sep 29, 2014
File Size: 3.5 MB
OS X Mountain Lion
- http://support.apple.com/kb/DL1768
Sep 29, 2014
File Size: 3.3 MB
OS X Mavericks
- http://support.apple.com/kb/DL1769
Sep 29, 2014
File Size: 3.3 MB
- http://arstechnica.com/apple/2014/09...10-8-and-10-7/
Sept 29 2014
:fear::fear:
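Both the ICS-CERT advisory above and Apple's description of OS X bash Update 1.0 come down to one parsing rule: an exported function stored in an environment variable ends at its closing brace, and nothing after that brace may be treated as code. The Python below is an added illustration of that rule, not bash source and not Apple's patch. split_exported_function finds the matching closing brace (honouring quotes and backslash escapes, which is an assumed simplification of the real shell grammar), classify_env_value names the four cases a hardened parser has to distinguish, and find_suspicious_env is a defender's sweep over an environment dictionary. All sample values are constructed.

```python
# Model of the "detect the end of the function statement" fix (constructed, not bash code).
# An exported bash function arrives in the environment as:  NAME="() { <body> }"
# The vulnerable parser kept interpreting text after the closing brace; the fix
# is to stop at that brace and refuse anything that follows it.


def split_exported_function(value):
    """Return (body, trailing) when value looks like an exported function.

    trailing is None if the definition is never closed; the function returns
    None when the value is not a function definition at all.
    """
    if not value.startswith("() {"):
        return None
    start = value.index("{")
    depth = 0
    in_single = in_double = escaped = False
    for i in range(start, len(value)):
        ch = value[i]
        if escaped:                       # character after a backslash is literal
            escaped = False
            continue
        if ch == "\\" and not in_single:
            escaped = True
            continue
        if ch == "'" and not in_double:
            in_single = not in_single
            continue
        if ch == '"' and not in_single:
            in_double = not in_double
            continue
        if in_single or in_double:        # braces inside quotes do not count
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:                # matching brace: the statement ends here
                return value[start + 1:i], value[i + 1:]
    return value[start + 1:], None        # unterminated definition


def classify_env_value(value):
    """'plain' for ordinary data, 'function' for a clean definition,
    'function+trailing' when non-blank text follows the closing brace
    (the shape the fixed parser must refuse to execute), 'unterminated'
    when the body never closes."""
    parsed = split_exported_function(value)
    if parsed is None:
        return "plain"
    _body, trailing = parsed
    if trailing is None:
        return "unterminated"
    if trailing.strip():
        return "function+trailing"
    return "function"


def find_suspicious_env(env):
    """Names of variables whose value carries text after a function definition."""
    return sorted(name for name, val in env.items()
                  if classify_env_value(val) == "function+trailing")


if __name__ == "__main__":
    # Constructed environment, not captured from a real host.
    sample_env = {
        "PATH": "/usr/bin:/bin",
        "GREETER": "() { echo hello; }",
        "ODD": "() { :; }; trailing text",
    }
    for name, val in sample_env.items():
        print(f"{name:8s} -> {classify_env_value(val)}")
    print("flagged:", find_suspicious_env(sample_env))
```

A sweep like find_suspicious_env is only a triage aid: the real mitigation is the patched bash, which no longer evaluates the trailing text at all.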
-
Thunderbird v31.2 released
FYI...
Thunderbird v31.2 released
- http://www.securitytracker.com/id/1031030
CVE Reference: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586
Oct 15 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.2 ...
Solution: The vendor has issued a fix (31.2)...
- https://www.mozilla.org/en-US/thunderbird
- https://www.mozilla.org/en-US/thunde.../releasenotes/
v.31.2.0, released: Oct 14, 2014
Security Advisories
- https://www.mozilla.org/security/kno...hunderbird31.2
Fixed in Thunderbird 31.2
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-79 Use-after-free interacting with text directionality
MFSA 2014-77 Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulation
MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
:fear:
-
Adblock Plus 1.8.6 for Chrome, Opera and Safari released
FYI...
Adblock Plus 1.8.6 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
2014-10-15 - "Adblock Plus 1.8.6 for Chrome, Opera (Opera 17 or higher required), and Safari (Safari 6 or higher required)..."
Links to the install files and more detail at the URL above.
:bigthumb:
-
OpenSSL patches 4 vulnerabilities
FYI...
OpenSSL patches 4 vulnerabilities
- https://www.us-cert.gov/ncas/current...ulnerabilities
Oct 16, 2014 - "OpenSSL has released updates patching four vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or execute man-in-the-middle attacks. The following updates are available:
OpenSSL 1.0.1 users should upgrade to 1.0.1j
OpenSSL 1.0.0 users should upgrade to 1.0.0o
OpenSSL 0.9.8 users should upgrade to 0.9.8zc
US-CERT recommends users and administrators review the OpenSSL Security Advisory* for additional information and apply the necessary updates."
* https://www.openssl.org/news/secadv_20141015.txt
- https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-3513
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3566 - 4.3
- https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-3567
- https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-3568
___
- http://www.securitytracker.com/id/1031053
Oct 15 2014
- http://www.securitytracker.com/id/1031052
Oct 15 2014
:fear::fear:
-
iTunes 12.0.1, OS X Server v4.0, OS X Yosemite v10.10 released
FYI...
iTunes 12.0.1 released
- https://support.apple.com/kb/HT6537
Last Modified: Oct 16, 2014
CVE Reference(s): CVE-2013-2871, CVE-2013-2875, CVE-2013-2909, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228, CVE-2013-6625, CVE-2013-6635, CVE-2013-6663, CVE-2014-1268, CVE-2014-1269, CVE-2014-1270, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1301, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313, CVE-2014-1323, CVE-2014-1324, CVE-2014-1325, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1340, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1362, CVE-2014-1363, CVE-2014-1364, CVE-2014-1365, CVE-2014-1366, CVE-2014-1367, CVE-2014-1368, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390, CVE-2014-1713, CVE-2014-1731, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415
___
Security Update 2014-005
- https://support.apple.com/kb/HT6531
Oct 16, 2014
> https://www.us-cert.gov/ncas/current...pdate-2014-005
Oct 17, 2014 - "... Security Update 2014-005 to address vulnerabilities in SSL 3.0..."
___
OS X Server v4.0
- http://support.apple.com/kb/HT6536
Oct 16, 2014
- http://www.securitytracker.com/id/1031071
___
OS X Yosemite v10.10
- http://support.apple.com/kb/HT6535
Oct 16, 2014
- http://www.securitytracker.com/id/1031063
- http://www.securitytracker.com/id/1031065
OS X Yosemite: List of available trusted root certificates
- http://support.apple.com/kb/HT6005
Oct 17, 2014
:fear::fear::fear:
-
Adblock Plus 2.6.5 for Firefox ...
FYI...
Adblock Plus 2.6.5 for Firefox
- https://adblockplus.org/releases/adb...refox-released
Changes:
- Fixed: Element hiding exceptions are broken by changes in Firefox 34 and Firefox 35 (issue 1241, issue 1381).
- Fixed: Blocking via context menu won’t always suggest blocking the most recent request (issue 362).
- Fixed: Issue reporter will complain about too many filter lists even when these filter lists are “special” like the anti-adblock list (issue 690).
- Fixed: Disabling filters via space bar no longer works in preferences (issue 1129).
- Fixed: Sharing Adblock Plus from the first-run page won’t work if the Anti-Social list is enabled (issue 1133).
- Fixed: Anti-Adblock warning will sometimes appear on websites without any anti-adblock behavior (issue 1161).
- Made $sitekey option behavior more consistent, it can be used similarly to $domain now rather than whitelisting complete websites only (issue 432).
- https://addons.mozilla.org/en-US/fir.../adblock-plus/
:fear::fear:
-
iOS 8.1 released
FYI...
iOS 8.1 released
- https://support.apple.com/kb/HT6541
Oct 20, 2014
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
- http://www.securitytracker.com/id/1031077/
CVE Reference: CVE-2014-4448, CVE-2014-4449, CVE-2014-4450
Oct 20 2014
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 8.1 ...
- https://en.greatfire.org/blog/2014/o...nch-new-iphone
Oct 20, 2014 - "After previous attacks on Github, Google, Yahoo and Microsoft, the Chinese authorities are now staging a man-in-the-middle (MITM) attack on Apple’s iCloud... Firefox and Chrome will both prevent users from accessing iCloud.com when they are trying to access a site that is suffering from a MITM attack..."
- http://www.reuters.com/article/2014/...0I92H020141021
Oct 21, 2014
___
Apple TV 7.0.1
- https://support.apple.com/kb/HT6542
Oct 20, 2014
- https://support.apple.com/kb/HT1222
:fear:
-
SSL 3.0 obsolete ...
FYI...
- http://windowssecrets.com/top-story/...oodle-attacks/
Oct 23, 2014 - "The following changes force your browser to not use SSL 3.0. Here’s what to adjust in the top three browsers...
Chrome: In Google’s browser, edit the shortcut that launches the browser, adding a flag to the end of the Shortcut path. Start by selecting the icon normally used to launch Chrome. Right-click the icon and select Properties. Under the Shortcut tab, find the box labeled “Target” and insert --ssl-version-min=tls1 immediately after chrome.exe” (see Figure 1). It should look something like this (note the space between .exe” and --ssl-):
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --ssl-version-min=tls1
Figure 1: http://windowssecrets.com/wp-content...-TS-Chrome.png
... in the Oct. 14 Mozilla blog post*, Firefox 34, due to be released on Nov. 25, will disable SSL 3.0 support. In the meantime, Mozilla recommends installing the add-on (download site**), “SSL Version Control 0.2” (see Figure 2), which will let you control SSL support within the browser. (Some websites have recommended adjusting Firefox settings in the configuration file, but Mozilla recommends using the add-on instead.)..."
* https://blog.mozilla.org/security/20...nd-of-ssl-3-0/
** https://addons.mozilla.org/en-US/fir...rsion-control/
Figure 2: http://windowssecrets.com/wp-content...1023-TS-FF.png
... Internet Explorer: In IE, click the gear (settings) icon, open Internet options, and then select the Advanced tab. Scroll down the Settings list to the Security category, and then look for Use SSL 3.0. Uncheck the box (see Figure 3), click OK, and then relaunch IE... Microsoft released an initial security advisory on this topic; expect to see additional guidance in the near future...
Figure 3: http://windowssecrets.com/wp-content...1023-TS-IE.png
... How to test your browser’s TLS/SSL protection:
Several websites test whether your currently open browser supports SSL 3.0. For a simple test, Poodletest.com displays a poodle dog if your browser still supports SSL 3.0, and a Springfield terrier if it doesn’t. On the other hand, Qualys SSL Labs (site***) provides a more detailed analysis of the SSL protocols your browser supports.
As noted above, some business sites such as online -banking- might still need SSL 3.0. Again, I recommend leaving SSL 3.0 support on -one- browser; it’ll be faster and safer than repeatedly adjusting browser settings. If you’re running a Web server or small-business server, you should -disable- SSL 3.0 support to better protect connected workstations and Internet-based phones... there’s a silver lining to this latest security mess — it should now force everyone on the Internet to finally abandon a dated, insecure protocol."
*** https://www.ssllabs.com/ssltest/viewMyClient.html
"Your user agent is not vulnerable..." < What you want to see after the new Firefox extension is installed.
___
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3513 - 7.1 (HIGH)
Last revised: 10/22/2014
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3567 - 7.1 (HIGH)
Last revised: 10/31/2014
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3568 - 4.3
Last revised: 10/31/2014
:fear::fear:
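The browser-side settings above and the OpenSSL advisory earlier in the thread (CVE-2014-3566, POODLE) both deal with the same thing: a client being talked down to SSL 3.0. The downgrade is visible on the wire, so a defender can watch for it. The Python below is an added example, not code from Windows Secrets, Qualys or the OpenSSL project. It builds a constructed ClientHello record, parses the client_version and offered cipher suites, and classifies whether the client is offering SSL 3.0 outright or is a fallback retry carrying TLS_FALLBACK_SCSV (the signalling suite, value 0x5600, that the 1.0.1j/1.0.0o/0.9.8zc releases added support for, and which lets an aware server reject the downgraded retry). The builder, the zeroed random, the sample suites and the verdict labels are assumptions made for the example.

```python
import struct

SSL3_VERSION = (3, 0)        # SSL 3.0 as encoded on the wire (major, minor)
TLS_FALLBACK_SCSV = 0x5600   # signalling cipher suite value (RFC 7507)


def build_client_hello(version, cipher_suites, session_id=b""):
    """Constructed ClientHello record without extensions, used only as sample input."""
    major, minor = version
    body = struct.pack("!BB", major, minor)
    body += bytes(32)                                   # client random, zeroed for the sample
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += b"\x01\x00"                                 # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16" + struct.pack("!BBH", major, minor, len(handshake)) + handshake


def parse_client_hello(record):
    """Extract client_version and the offered cipher suites from a ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    client_version = (body[0], body[1])
    pos = 2 + 32                                        # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return {"client_version": client_version, "cipher_suites": suites}


def assess_client_hello(record):
    """Classify a ClientHello for SSL 3.0 exposure.

    'ssl3'          : the client's best offer is SSL 3.0 (POODLE-exposed)
    'ssl3-fallback' : SSL 3.0 offered with TLS_FALLBACK_SCSV, i.e. a retry after a
                      higher version failed; an SCSV-aware server refuses this
    'tls'           : a TLS version is offered; exposure is not decidable from one hello
    """
    info = parse_client_hello(record)
    ver = info["client_version"]
    scsv = TLS_FALLBACK_SCSV in info["cipher_suites"]
    if ver == SSL3_VERSION and scsv:
        return "ssl3-fallback"
    if ver == SSL3_VERSION:
        return "ssl3"
    return "tls"


if __name__ == "__main__":
    # Constructed samples: AES128-SHA (0x002F) offered at SSL 3.0, at SSL 3.0 with the
    # fallback SCSV, and at TLS 1.2 (3, 3).
    for label, ver, suites in [("legacy client", (3, 0), [0x002F]),
                               ("downgrade retry", (3, 0), [0x002F, TLS_FALLBACK_SCSV]),
                               ("modern client", (3, 3), [0x002F])]:
        print(f"{label:16s} -> {assess_client_hello(build_client_hello(ver, suites))}")
```

Real captures carry extensions after the compression methods; the parser stops before them, so it works on both extension-less and modern hellos. The verdict for 'tls' is deliberately neutral: a client that can still be downgraded looks identical in its first hello, which is exactly why the SCSV exists.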
-
QuickTime 7.7.6 released
-
Adblock Plus 1.8.7 for Chrome and Opera released
FYI...
Adblock Plus 1.8.7 for Chrome and Opera released
- https://adblockplus.org/releases/adb...opera-released
2014-10-28
Install/update links at the URL above.
:fear:
-
Sumatra PDF reader v3.0 ...
FYI...
Sumatra PDF reader v3.0 released
- http://blog.kowalczyk.info/software/...apdf/news.html
Version history - v3.0 (2014-10-18)
Changes in this release:
- Tabs! Enabled by default. Use Settings/Options... menu to go back to the old UI
- support table of contents and links in ebook UI
- add support for PalmDoc ebooks
- swapped keybindings:
- F11: Fullscreen mode (still also Ctrl+Shift+L)
- F5: Presentation mode (also Shift+F11, still also Ctrl+L)
- added a document measurement UI. Press 'm' to start. Keep pressing 'm' to change measurement units
- new advanced settings: FullPathInTitle, UseSysColors (no longer exposed through the Options dialog), UseTabs
- replaced non-free UnRAR with a free RAR extraction library...
[prior version 2.5.2] ...
Download: http://blog.kowalczyk.info/software/...df-viewer.html
:fear:
-
AdblockPlus v2.6.6 for Firefox ...
FYI...
AdblockPlus 2.6.6 for Firefox released
- https://adblockplus.org/releases/adb...refox-released
2014-11-11 - "... Adblock Plus will use a slightly different approach to read files from disk... reason is a change that Mozilla made for Firefox and that broke Adblock Plus completely in the Firefox nightly builds."
:fear:
-
iOS 8.1.1, OS X Yosemite v10.10.1, Apple TV 7.0.2 released
FYI...
iOS 8.1.1 released
- http://support.apple.com/en-us/HT6590
Nov 17, 2014
... for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later...
- http://www.securitytracker.com/id/1031232
CVE Reference: CVE-2014-4451, CVE-2014-4457, CVE-2014-4463
Nov 18 2014
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (8.1.1).
___
OS X Yosemite v10.10.1
- http://support.apple.com/en-us/HT6572
Nov 17, 2014
- http://www.securitytracker.com/id/1031230
CVE Reference: CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4460
Nov 18 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (10.10.1).
___
Apple TV 7.0.2
- http://support.apple.com/en-us/HT6592
Nov 17, 2014
- http://www.securitytracker.com/id/1031231
CVE Reference: CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462
Nov 18 2014
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (7.0.2).
___
- https://isc.sans.edu/diary.html?storyid=18961
Nov 17, 2014
- https://www.us-cert.gov/ncas/current...e-and-Apple-TV
Nov 17, 2014
:fear:
-
WordPress 4.0.1 Security Release
FYI...
WordPress 4.0.1 Security Release
- https://wordpress.org/news/2014/11/wordpress-4-0-1/
Nov 20, 2014 - "WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately... WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site... This issue does not affect version 4.0, but version 4.0.1 does address these -eight- security issues..."
- http://www.securitytracker.com/id/1031243
Nov 20 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 3.7.5, 3.8.5, 3.9.3, 4.0.1
Description: Several vulnerabilities were reported in WordPress. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote user can compromise a target user's account...
Solution: The vendor has issued a fix (3.7.5, 3.8.5, 3.9.3, 4.0.1).
The vendor's advisory is available at:
- https://wordpress.org/news/2014/11/wordpress-4-0-1/
:fear::fear:
-
Thunderbird 31.3 released
FYI...
Thunderbird 31.3 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Dec 1, 2014
Fixed in Thunderbird 31.3
- https://www.mozilla.org/en-US/securi...hunderbird31.3
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-85 XMLHttpRequest crashes with some input streams
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/thunderbird/all.html
___
- http://www.securitytracker.com/id/1031287
CVE Reference: CVE-2014-1587, CVE-2014-1588, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-1595
Dec 3 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.3 ...
Solution: The vendor has issued a fix (31.3).
:fear:
-
Adblock Plus 1.8.8 for Chrome, Opera and Safari released
FYI...
Adblock Plus 1.8.8 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
2014-12-02
___
Adblock Plus - How to keep people from knowing you’ve read their Facebook message
- https://adblockplus.org/blog/how-to-...cebook-message
2014-12-02 - "You know how you’re able to see that someone has “seen” your message on Facebook? If you’ve ever wanted others -not- to be informed about when/if you’ve read their Facebook messages, Adblock Plus has a new solution for you. Just click HERE* (and then click Add) to enable it automatically; read on for an explanation. By displaying the “seen” message you know that the person you’ve sent the message to has read the message... To enable it automatically simply click HERE*..."
(More detail and link* at the adblockplus URL above.)
:spider:
-
Safari 8.0.1, 7.1.1, 6.2.1 released
FYI...
Safari 8.0.1, 7.1.1, 6.2.1 released
- http://support.apple.com/en-us/HT6596
Dec 3, 2014
- http://www.securitytracker.com/id/1031296
CVE Reference: CVE-2014-4465, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475
Dec 4 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 6.2.1, 7.1.1, 8.0.1
Solution: The vendor has issued a fix (6.2.1, 7.1.1, 8.0.1).
___
- http://www.theinquirer.net/inquirer/...reinstall-os-x
Dec 05 2014 - "... The Safari update from 3 December addressed 13 security vulnerabilities, including some that were serious, in versions 8.0.1, 7.1.1 and 6.2.1. Most of the vulnerabilities were discovered by Apple internally. However, Mac OS X users soon complained that the update failed. The update processing claimed that it completed successfully, but it did not, and instead it removed Safari from users' systems. Users said that Apple support instructed them to reinstall Mac OS X* in order to recover Safari..."
* https://discussions.apple.com/thread...art=0&tstart=0
> https://discussions.apple.com/servle...1.25.31+AM.png
- http://support.apple.com/en-us/HT6596
Dec 4, 2014
- http://forums.macrumors.com/showthread.php?t=1825558
> http://support.apple.com/downloads/ ??
:fear:
-
iOS 8.1.2
FYI...
iOS 8.1.2
- http://support.apple.com/en-us/HT6598
Last Modified: Dec 10, 2014 - "Available for... iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later"
:fear:
-
Adblock Plus 1.3 for IE ...
FYI...
Adblock Plus 1.3 for IE released
- https://adblockplus.org/releases/adb...or-ie-released
2014-12-15 - "... version 1.3 fixes a lot of issues where ABP for IE either incorrectly blocked a request, or falsely allowed the request through, when it shouldn’t have... hope you’ll notice the improvement... list of changes:
General blocking improvements (issue 1265):
Improved detection of mime types
Added support for XMLHttpRequests
Added support for requests from Flash
Improved detection of a referrer of a request.
Fix element hiding on some sites (issue 1148)
Fix incorrect blocking of video content on some sites (issue 1231)
Block video ads where they weren’t blocked before (issue 1500)
Fix “Navigation canceled” messages if IFRAME is blocked (issue 1264)
Fix version string in Add/Remove programs (issue 1222)
Changes in the First Run Page (issue 1230, issue 1356) ..."
:blink:
-
WordPress Download Mgr Security Bypass Vuln
FYI...
WordPress Download Manager Security Bypass Vulnerability
- https://secunia.com/advisories/62641/
Release Date: 2014-12-18
Criticality: Highly Critical
... vulnerability is confirmed in version 2.7.4. Prior versions may also be affected.
Solution: Update to version 2.7.5...
- https://wordpress.org/plugins/downlo...ger/changelog/
2.7.81: WordPress v4.1 compatibility release
Last Updated: 2014-12-18
:fear::fear:
-
Adblock Plus 1.8.9 for Chrome ...
FYI...
Adblock Plus 1.8.9 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
Jan 6, 2015 - "Install links...
Changes:
Worked around some circumvention attempts.
Fixed: Extension pages didn’t respect direction of right-to-left languages (issue 1668).
Fixed an issue when generating filters based on the style attribute (issue 1658).
Fixed an issue where “Block element” from the context menu didn’t work, or worked in an inferior way compared to the popup (issue 1611).
When blocking elements, suggest filters based on all URLs associated with the element (issue 1601).
Removed the ‘Hide placeholders’ option (issue 1671).
Updated the extension description (issue 1643)..."
:fear:
-
Thunderbird 31.4.0 released
FYI...
Thunderbird 31.4.0 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Jan 13, 2015
- https://www.mozilla.org/en-US/securi...hunderbird31.4
Fixed in Thunderbird 31.4
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download: https://www.mozilla.org/en-US/thunderbird/all.html
___
- http://www.securitytracker.com/id/1031534
CVE Reference: CVE-2014-8634, CVE-2014-8635, CVE-2014-8638, CVE-2014-8639
Jan 14 2015
Impact: Execution of arbitrary code via network, Modification of authentication information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.4 ...
:fear:
-
Adblock Plus 2.6.7 for Firefox released
FYI...
Adblock Plus 2.6.7 for Firefox released
- https://adblockplus.org/releases/adb...refox-released
Jan 14, 2015
Changes:
Removed “Hide placeholders of blocked elements” option from the user interface (issue 1670).
Fixed: First-run page broken in Firefox nightlies if E10S is enabled (issue 1663, issue 1706).
Fixed first-run page layout for right-to-left languages (issue 1668).
Fixed: “Adblock Warning Removal List” is being displayed as the selected list on Firefox Mobile (issue 1712).
Fixed: “Disable on site” doesn’t always show up on Firefox Mobile (issue 1713)...
:fear:
-
Adblock Plus 1.8.10 for Chrome, Opera and Safari released
FYI...
Adblock Plus 1.8.10 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
2015-01-20
> Changes
Fixed: “Block element” didn’t highlight some elements correctly (issue 1751 and issue 1755).
Fixed: “Block element” didn’t work while the first run page was open (issue 1741).
> Chrome/Opera-only changes
Worked around an issue that broke printing of spreadsheets on Google Docs (issue 1770).
Adapted for a new API feature introduced in Chrome 41 and Opera 28 that allows identifying frames more efficiently and reliably (issue 1739).
> Safari-only changes
Fixed a potential memory leak in the messaging code (issue 1724).
Install/download links at the adblockplus URL above.
:fear: