Page 31 of 31 FirstFirst ... 212728293031
Results 301 to 306 of 306

Thread: Alerts

  1. #301
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 52.5.2 released

    FYI...

    Thunderbird 52.5.2 released
    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Dec 22, 2017
    What’s New:
    Fixed: This releases fixes the "Mailsploit" vulnerability and other vulnerabilities detected by the "Cure53" audit. For details and various other security fixes see here*.
    * https://www.mozilla.org/en-US/securi...nderbird52.5.2
    ...
    > https://www.mozilla.org/en-US/securi...s/mfsa2017-30/
    Critical
    CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9

    Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
    Manual check: Go to >Help >About Thunderbird

    Addons: https://addons.mozilla.org/en-US/thunderbird/

    Download
    - https://www.mozilla.org/en-US/thunderbird/all/
    ___

    - https://www.us-cert.gov/ncas/current...te-Thunderbird
    Dec 25, 2017
    ___

    - https://www.securitytracker.com/id/1040123
    CVE Reference: CVE-2017-7829, CVE-2017-7845, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848
    Jan 8 2018
    Fix Available: Yes Vendor Confirmed: Yes ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    A remote user can spoof the sender's email address.
    Solution: The vendor has issued a fix (52.5.2).
    The vendor advisory is available at: https://www.mozilla.org/en-US/securi...s/mfsa2017-30/

    Last edited by AplusWebMaster; 2018-01-17 at 18:16.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #302
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple - speculative execution vulns in ARM-based and Intel CPUs

    FYI...

    Apple - About speculative execution vulnerabilities in ARM-based and Intel CPUs
    - https://support.apple.com/en-us/HT208394
    Jan 4, 2018 - "Background: The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software. The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.
    > Meltdown: Meltdown is a name given to an exploitation technique known as CVE-2017-5754 or "rogue data cache load." The Meltdown technique can enable a user process to read kernel memory. Our analysis suggests that it has the most potential to be exploited.
    Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation. Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.
    > Spectre: Spectre is a name covering two different exploitation techniques known as CVE-2017-5753 or "bounds check bypass," and CVE-2017-5715 or "branch target injection." These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.
    Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser. Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques. Our current testing indicates that the upcoming Safari mitigations will have no measurable impact on the Speedometer and ARES-6 tests and an impact of less than 2.5% on the JetStream benchmark. We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS."
    ___

    - https://www.kb.cert.org/vuls/id/584653
    Last revised: 05 Jan 2018

    - https://www.us-cert.gov/ncas/alerts/TA18-004A
    Last revised: Jan 05, 2018

    - https://www.helpnetsecurity.com/2018...owser-attacks/
    Jan 5, 2018

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #303
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple updates - 2018.01.08

    FYI...

    - https://support.apple.com/en-us/HT201222

    iOS 11.2.2
    - https://support.apple.com/en-us/HT208401
    Jan 8, 2018 - "Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
    Description: iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)..."
    ___

    Safari 11.0.2
    - https://support.apple.com/en-us/HT208403
    Jan 8, 2018 - "Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
    Description: Safari 11.0.2 includes security improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)..."
    ___

    macOS High Sierra 10.13.2 Supplemental Update
    - https://support.apple.com/en-us/HT208397
    Jan 8, 2018 - "Available for: macOS High Sierra 10.13.2
    Description: macOS High Sierra 10.13.2 Supplemental Update includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715)...
    Installing macOS High Sierra 10.13.2 Supplemental Update will update Safari to version 11.0.2 (13604.4.7.1.6) or version 11.0.2 (13604.4.7.10.6).
    To check the version of Safari installed on your Mac:
    1. Open Safari.
    2. Choose Safari > About Safari."
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Jan 08, 2018

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #304
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Apple - iOS 11.2.5, Safari 11.0.3, more

    FYI...

    - https://support.apple.com/en-us/HT201222

    iOS 11.2.5
    - https://support.apple.com/en-us/HT208463
    Jan 23, 2018 - "Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation..."
    ___

    macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
    - https://support.apple.com/en-us/HT208465
    Jan 23, 2018 - "Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6..."
    ___

    Safari 11.0.3
    - https://support.apple.com/en-us/HT208475
    Jan 23, 2018 - "Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.3..."
    ___

    tvOS 11.2.5
    - https://support.apple.com/en-us/HT208462
    Jan 23, 2018 - "Available for: Apple TV 4K and Apple TV (4th generation)..."
    ___

    watchOS 4.2.2
    - https://support.apple.com/en-us/HT208464
    Jan 23, 2018 - "Available for: All Apple Watch models..."
    ___

    iCloud for Windows 7.3
    - https://support.apple.com/en-us/HT208473
    Jan 23, 2018 - "Available for: Windows 7 and later..."
    ___

    iTunes 12.7.3 for Windows
    - https://support.apple.com/en-us/HT208474
    Jan 23, 2018 - "Available for: Windows 7 and later..."
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Jan 23, 2018

    Last edited by AplusWebMaster; 2018-01-24 at 21:21.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #305
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Thunderbird 52.6.0 released

    FYI...

    Thunderbird 52.6.0 released
    - https://www.mozilla.org/en-US/thunde.../releasenotes/
    Jan 25, 2018
    What’s New
    Fixed: Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found.
    Fixed: Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices
    Fixed: Calendar: Unintended task deletion if numlock is enabled
    Fixed: Various security fixes*
    * https://www.mozilla.org/en-US/securi...hunderbird52.6
    ... Fixed in Thunderbird 52.6
    - https://www.mozilla.org/en-US/securi...s/mfsa2018-04/
    CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
    Critical
    CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6
    Critical
    ___

    - https://www.us-cert.gov/ncas/current...te-Thunderbird
    Jan 25, 2018

    Last edited by AplusWebMaster; 2018-01-27 at 19:06.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #306
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation WordPress 4.9.4 released

    FYI...

    WordPress 4.9.4 released
    - https://wordpress.org/news/2018/02/w...nance-release/
    Feb 6, 2018 - "WordPress 4.9.4 is now available. This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail-to-update-automatically, and will require action from you (or your host) for it to be updated to 4.9.4..."

    > https://wordpress.org/download/

    > https://wordpress.org/news/2018/02/w...nance-release/
    Feb 6, 2018 - "... This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail to update automatically, and will require action from you (or your host) for it to be updated to 4.9.4..."

    Last edited by AplusWebMaster; 2018-03-05 at 13:19.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •