Alerts

WordPress 4.5.1 released

FYI...

WordPress 4.5.1 released
- https://wordpress.org/news/
April 26, 2016 - "... immediate availability of WordPress 4.5.1, a maintenance release. This release fixes 12 bugs, chief among them a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads. This maintenance release fixes a total of 12 bugs in Version 4.5. For more information, see the release notes* or consult the list of changes**..."

Release notes
* https://codex.wordpress.org/Version_4.5.1

Change log
** https://core.trac.wordpress.org/log/branches/4.5?rev=37295&stop_rev=37182

Download
> https://wordpress.org/download/
"The latest stable release of WordPress (Version 4.5.1) is available..."

Adblock Plus 2.7.3

FYI...

Adblock Plus 2.7.3 for Firefox released
- https://adblockplus.org/releases/adblock-plus-273-for-firefox-released
2016-04-27
Install Adblock Plus 2.7.3 for Firefox
This release adds support for the experimental CSS properties syntax to Adblock Plus for Firefox (issue 2401, issue 3955). This support isn’t complete yet, most important issue being that hits are not counted for CSS properties filters (issue 3969).
Additional changes
Fixed issues that Adblock Plus could potentially cause on Firefox startup (issue 2850).
Some first-run page optimizations (issue 2668, issue 1292, issue 3736, issue 3814).
Cleaned up internal messaging approach (issue 3499, issue 3851, issue 3853)...

WordPress 4.5.2 Security Release

FYI...

WordPress 4.5.2 Security Release
- https://wordpress.org/news/2016/05/wordpress-4-5-2/
May 6, 2016 - "WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues..."

Release notes
- https://codex.wordpress.org/Version_4.5.2

Changelog
- https://codex.wordpress.org/Version_4.5.2

Download
> https://wordpress.org/download/
"The latest stable release of WordPress (Version 4.5.2) is available..."
___

- http://www.securitytracker.com/id/1035818
CVE Reference: CVE-2016-4566, CVE-2016-4567
May 10 2016
Version(s): 4.5.1 and prior ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.5.2)...
___

- https://www.us-cert.gov/ncas/current-activity/2016/05/09/WordPress-Releases-Security-Updates
May 09, 2016

7-Zip updates

FYI...

7-Zip v16.00 released
> http://www.7-zip.org/
Download 7-Zip 16.00 (2016-05-10) for Windows:
Link | Type | Windows | Size
Download | .exe | 32-bit x86 | 1 MB
Download | .exe | 64-bit x64 | 1 MB

> https://sourceforge.net/p/sevenzip/discussion/45797/thread/a8fd6078/
___

- http://www.securitytracker.com/id/1035876
CVE Reference: CVE-2016-2334, CVE-2016-2335
May 12 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 16.00 ...
The original advisory is available at:
> http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
Impact: A remote user can create a file that, when loaded by the target application, will execute arbitrary code on the target system.
Solution: The vendor has issued a fix (16.00)...

iOS 9.3.2, iTunes 12.4, Safari 9.1.1, OS X v10.11.5, tvOS 9.2.1 released

FYI...

- https://support.apple.com/en-us/HT201222

iOS 9.3.2 update appears to be bricking iPads
- http://www.theregister.co.uk/2016/05/17/apple_bricks_ipads/
17 May 2016 - "... Reports of borked iPads emerged on Twitter thanks reportedly to a hardware issue requiring users to possibly restore their devices or contact support... Users have Tweeted* to Apple Support (@AppleSupport) with complaints their iPads -cannot- be restored through iTunes..."
* https://twitter.com/AppleSupport/with_replies
___

iOS 9.3.2
- https://support.apple.com/en-us/HT206568
Last Modified: May 23, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
> http://www.securitytracker.com/id/1035890
CVE Reference: CVE-2016-1790, CVE-2016-1801, CVE-2016-1802, CVE-2016-1803, CVE-2016-1807, CVE-2016-1808, CVE-2016-1811, CVE-2016-1813, CVE-2016-1814, CVE-2016-1817, CVE-2016-1818, CVE-2016-1819, CVE-2016-1823, CVE-2016-1824, CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831, CVE-2016-1832, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-1841, CVE-2016-1842, CVE-2016-1847, CVE-2016-1852
May 17 2016
Version(s): prior to 9.3.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause the target system to crash.
A remote or local user can obtain potentially sensitive information on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (9.3.2)...
___

iTunes 12.4
- https://support.apple.com/en-us/HT206379
May 16, 2016 - "Available for: Windows 7 and later..."
> http://www.securitytracker.com/id/1035887
CVE Reference: CVE-2016-1742
May 17 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 12.4 ...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (12.4)...
___

Safari 9.1.1
- https://support.apple.com/en-us/HT206565
May 16, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5..."
> http://www.securitytracker.com/id/1035888
CVE Reference: CVE-2016-1849, CVE-2016-1854, CVE-2016-1855, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859
May 17 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.1.1 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (9.1.1)...
___

OS X El Capitan v10.11.5 and Security Update 2016-003
- https://support.apple.com/en-us/HT206567
May 16, 2016
> http://www.securitytracker.com/id/1035895
CVE Reference: CVE-2016-1791, CVE-2016-1792, CVE-2016-1793, CVE-2016-1794, CVE-2016-1795, CVE-2016-1796, CVE-2016-1797, CVE-2016-1798, CVE-2016-1799, CVE-2016-1800, CVE-2016-1804, CVE-2016-1805, CVE-2016-1806, CVE-2016-1809, CVE-2016-1810, CVE-2016-1812, CVE-2016-1815, CVE-2016-1816, CVE-2016-1820, CVE-2016-1821, CVE-2016-1822, CVE-2016-1825, CVE-2016-1826, CVE-2016-1843, CVE-2016-1844, CVE-2016-1846, CVE-2016-1848, CVE-2016-1850, CVE-2016-1851, CVE-2016-1853
May 17 2016
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can modify data on the target system.
A remote user can cause denial of service conditions.
A local user can obtain elevated privileges on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (10.11.5 and Security Update 2016-003)...
___

tvOS 9.2.1
- https://support.apple.com/en-us/HT206564
May 16, 2016
> http://www.securitytracker.com/id/1035893
May 17 2016
___

watchOS 2.2.1
- https://support.apple.com/en-us/HT206566
May 16, 2016
> http://www.securitytracker.com/id/1035894
May 17 2016
___

- https://www.us-cert.gov/ncas/current-activity/2016/05/16/Apple-Releases-Multiple-Security-Updates
May 16, 2016

Thunderbird 45.1.1 released

FYI...

Thunderbird 45.1.1 released
- https://www.mozilla.org/en-US/thunderbird/45.1.1/releasenotes/
May 31, 2016
What’s New:
Fixed: When entering members into a mailing list, the enter key dismissed the panel instead of just moving onto the next line
Fixed: Email without HTML elements was sent as HTML, despite "Delivery Format: Auto-detect" option
Fixed: Options applied to a template were lost when the template was used.
Fixed: Contacts could not be deleted when they were found through a search
Fixed: Views from global searches did not respect "mail.threadpane.use_correspondents"

- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/

> https://www.mozilla.org/en-US/thunderbird/releases/

>> https://www.mozilla.org/en-US/thunderbird/all/
___

Thunderbird 45.1.0 released
- https://www.mozilla.org/en-US/thunderbird/45.1.0/releasenotes/
May 10, 2016
What’s New
Fixed:
- Drag & Drop a contact name from Thunderbird address book (list view) to address box in a new message “compose” window failed.
- UI elements became larger when moused over on retina displays/monitor on Mac OS X
- Automatic correspondents column upgrade disabled
- DIGEST-MD5 authentication in JS-XMPP failed for some users (now disabled).
- Font indicator in compose falsely claimed certain fonts were not installed.
- Printing failed in composition window.
- Various security fixes*
- Various improvements in handling of message compose in paragraph mode.
* https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.1
Fixed in Thunderbird 45.1
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

> https://www.mozilla.org/en-US/thunderbird/releases/

>> https://www.mozilla.org/en-US/thunderbird/all/

Adblock Plus 1.12 for Chrome, Opera and Safari released

FYI...

Adblock Plus 1.12 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adblock-plus-112-for-chrome-opera-and-safari-released
2016-06-01
Install Adblock Plus 1.12 for Chrome
Install Adblock Plus 1.12 for Opera
Install Adblock Plus 1.12 for Safari (Safari 6 or higher required)
This release features experimental Safari Content Blocking support. So if you’re on Safari 9, you can try out the new (faster) blocking mechanism now by enabling it in the options. But please read the announcement* first; as that feature is still experimental and Content Blockers have some limitations, there are some caveats. However, Content Blockers will eventually completely replace the old mechanism we relied on so far on Safari.
* https://adblockplus.org/development-builds/experimental-safari-content-blocking-support
There also have been some bug fixes and other improvements for all platforms which are listed below, and some changes under the hood which aren’t visible to the user.
Changes:
- Improved performance of element hiding, reducing page load times (issue 235, issue 4038, issue 4036).
- Fixed a regression, introduced with the previous release, which caused the Adblock Warning Removal List to not be added anymore (issue 3772).
- Prevent websites from circumventing element hiding by removing or disabling the stylesheet (issue 3699).
- Prevent websites from showing previously blocked elements (issue 3840).
Chrome/Opera-only changes:
- Added an option to hide the Adblock Plus developer tools panel (issue 3796).
- Prevent websites from tricking users into adding subscriptions by simulating clicks on abp:subscribe links (issue 3828).
- Worked around a Chrome bug that broke the feedback functionality on blogger.com (issue 2687).
- Administrators deploying Adblock Plus via group policy can now configure additional subscriptions (issue 3801).
- Starting with this release, there are unified builds for Chrome and Opera, using the exact same code on both browsers (issue 3760).
Safari-only changes:
- Added experimental support for Safari Content Blocking (see above, issue 3687).
- Fixed: Wrong domain was whitelisted by icon menu after navigating through the history (issue 3924)...

Apple - AirPort Base Station - Firmware Update

FYI...

Apple - AirPort Base Station - Firmware Update 7.6.7 and 7.7.7
- https://support.apple.com/en-us/HT206849
Jun 20, 2016

- http://www.securitytracker.com/id/1036136
CVE Reference: CVE-2015-7029
Jun 21 2016
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (7.6.7, 7.7.7)...

- https://www.us-cert.gov/ncas/current-activity/2016/06/21/Apple-Releases-Security-Update
June 21, 2016

WordPress 4.5.3 released

FYI...

WordPress 4.5.3 released
- https://wordpress.org/news/2016/06/wordpress-4-5-3/
"WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately... fixes 17 bugs from 4.5, 4.5.1 and 4.5.2"

Release notes
- https://codex.wordpress.org/Version_4.5.3
"On 21 June, 2016, WordPress 4.5.3 was released to the public."

Changelog
- https://codex.wordpress.org/Version_4.5.3

Download
> https://wordpress.org/download/
"The latest stable release of WordPress (Version 4.5.3) is available..."

> https://www.us-cert.gov/ncas/current-activity/2016/06/22/WordPress-Releases-Security-Update
June 22, 2016
___

- http://www.securitytracker.com/id/1036163
CVE Reference: CVE-2016-5832, CVE-2016-5833, CVE-2016-5834, CVE-2016-5835, CVE-2016-5836, CVE-2016-5837, CVE-2016-5838, CVE-2016-5839
Jun 23 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 4.5.3 ...
Impact: A remote user can modify passwords on the target system.
A remote user can cause denial of service conditions.
A remote user can cause the target user's browser to be redirected to an arbitrary web site.
A remote user can obtain potentially sensitive information on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.5.3)...

Avast to acquire AVG - $1.3B

FYI...

Avast to acquire AVG - $1.3B
- https://www.yahoo.com/news/avast-acquire-avg-1-3-billion-internet-security-102705630--finance.html
July 7, 2016 PRAGUE (AP) - "Avast Software says it is acquiring its anti-virus rival AVG Technologies N.V. in a $1.3 billion deal. Prague-based Avast says it is ready to pay $25 per share in cash for Amsterdam-based AVG, 33 percent above Wednesday's closing price on the New York Stock Exchange after the two signed a deal on it. Avast said Thursday the deal is meant to "gain scale, technological depth and geographical breadth." It aims to "take advantage of emerging growth opportunities in internet security as well as organizational efficiencies" with a goal to becoming serious competition for the global leaders in the internet security business. The companies have over 400 million users combined. Avast says the transaction is expected to close between Sept 15 and Oct 15..."

Thunderbird v45.2.0 released

FYI...

Thunderbird v45.2.0 released
- https://www.mozilla.org/en-US/thunderbird/45.2.0/releasenotes/
June 30, 2016
Fixed: Invitations to events could not be printed.
Fixed: Dragging and dropping of contacts from the contact list onto an addressbook while All Addressbooks is selected moved only one contact
Fixed: Falsely reported not enough disk space during compacting
Fixed: Links were not always detected properly in the message body (terminated early on "|", some long links not detected at all)

> https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2
Fixed in Thunderbird 45.2
2016-49 Miscellaneous memory safety hazards (rv:47.0/rv:45.2)

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla.org/en-US/thunderbird/releases/

Download
- https://www.mozilla.org/en-US/thunderbird/all/

Apple iOS 9.3.3, iTunes 12.4.2, iCloud for Windows, more...

FYI...

- https://support.apple.com/en-us/HT201222

- https://lists.apple.com/archives/security-announce/2016/Jul/threads.html

iOS 9.3.3
- https://support.apple.com/en-us/HT206902
July 18, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securitytracker.com/id/1036344
CVE Reference: CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-4582, CVE-2016-4587, CVE-2016-4593, CVE-2016-4594, CVE-2016-4603, CVE-2016-4604, CVE-2016-4605, CVE-2016-4626, CVE-2016-4627, CVE-2016-4628, CVE-2016-4631, CVE-2016-4632, CVE-2016-4635, CVE-2016-4637
Jul 19 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.3.3 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A remote user can spoof a URL or content.
Solution: The vendor has issued a fix (9.3.3)...
___

iTunes 12.4.2 for Windows
- https://support.apple.com/en-us/HT206901
July 18, 2016 - "Available for: Windows 7 and later..."

iCloud for Windows 5.2.1
- https://support.apple.com/en-us/HT206899
July 18, 2016 - "Available for: Windows 7 and later..."

Safari 9.1.2
- https://support.apple.com/en-us/HT206900
July 18, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6..."
- http://www.securitytracker.com/id/1036343
CVE Reference: CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
Jul 19 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.1.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can consume excessive memory resources on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof user interface elements.
Solution: The vendor has issued a fix (9.1.2)...
___

OS X El Capitan v10.11.6 and Security Update 2016-004
- https://support.apple.com/en-us/HT206903
July 18, 2016 - "Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later..."
- http://www.securitytracker.com/id/1036348
CVE Reference: CVE-2016-0718, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4595, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619, CVE-2016-4621, CVE-2016-4625, CVE-2016-4629, CVE-2016-4630, CVE-2016-4633, CVE-2016-4634, CVE-2016-4638, CVE-2016-4639, CVE-2016-4640, CVE-2016-4641, CVE-2016-4645, CVE-2016-4646, CVE-2016-4647, CVE-2016-4648, CVE-2016-4649, CVE-2016-4650, CVE-2016-4652
Jul 19 2016
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A physically local user can view passwords.
Solution: The vendor has issued a fix (10.11.6, Security Update 2016-004)...
___

tvOS 9.2.2
- https://support.apple.com/en-us/HT206905
July 18, 2016 - "Available for: Apple TV (4th generation)..."

watchOS 2.2.2
- https://support.apple.com/en-us/HT206904
July 18, 2016 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."
___

- https://www.us-cert.gov/ncas/current-activity/2016/07/18/Apple-Releases-Multiple-Security-Updates
July 18, 2016

Apple iOS 9.3.4 released

FYI...

- https://support.apple.com/en-us/HT201222

iOS 9.3.4 released
- https://support.apple.com/en-us/HT207026
Aug 4, 2016 - "Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later..."
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4654: Team Pangu

... Update fixes a single issue credited to prominent jailbreaking...
> http://arstechnica.com/apple/2016/08/apple-thwarts-jailbreakers-with-ios-9-3-4-update/
8/4/2016
___

- http://www.securitytracker.com/id/1036546
CVE Reference: CVE-2016-4654
Aug 6 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.3.3; possibly earlier versions...
Impact: An application can execute arbitrary code on the target system with kernel-level privileges.
Solution: The vendor has issued a fix (9.3.4)...
___

- https://www.us-cert.gov/ncas/current-activity/2016/08/05/Apple-Releases-Security-Update
Aug 05, 2016

WordPress 4.6 released

FYI...

WordPress 4.6 released
- https://wordpress.org/download/
Aug 16, 2016 - "The latest stable release of WordPress (Version 4.6) is available..."

Release notes
- https://codex.wordpress.org/Version_4.6

- https://wordpress.org/download/release-archive/
___

- http://www.securitytracker.com/id/1036683
CVE Reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6896
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6897
Aug 22 2016
Impact: Denial of service via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
Version(s): 4.5.3; possibly other versions ...
Impact: A remote user can take actions on the target system acting as the target authenticated user.
A remote authenticated user can cause the target application to fail.
Solution: The vendor has issued a fix (4.6)...

iOS 9.3.5 released

FYI...

Out-of-Band iOS Patch Fixes 0-Day ...
- https://isc.sans.edu/diary.html?storyid=21409
2016-08-25 - "A new spyware has been discovered on the Apple platform. Called Pegasus... it turns out to be a sophisticated targeted spyware. Developed by professionals, it uses 0-day vulnerabilities, code obfuscation and encryption techniques. Apple released today an out-of-band patch for iOS (version 9.3.5)*. It fixes three critical vulnerabilities..."

iOS 9.3.5 released
* https://support.apple.com/en-us/HT207107
Aug 25, 2016 - "Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later..."

- https://lists.apple.com/archives/security-announce/2016/Aug/msg00000.html
25 Aug 2016

- http://www.securitytracker.com/id/1036694
CVE Reference: CVE-2016-4655, CVE-2016-4656, CVE-2016-4657
Aug 25 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.3.5...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An application can obtain portions of kernel memory contents.
An application can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (9.3.5)...

- https://www.us-cert.gov/ncas/current-activity/2016/08/25/Apple-Releases-Security-Update
Aug 25, 2016

Apple updates - 2016.09.01

FYI...

- https://support.apple.com/en-us/HT201222

Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite
- https://support.apple.com/en-us/HT207130
Sep 1, 2016 - "Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 ..."
- https://lists.apple.com/archives/security-announce/2016/Sep/msg00001.html

Safari 9.1.3
- https://support.apple.com/en-us/HT207131
Sep 1, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6 ..."
- https://lists.apple.com/archives/security-announce/2016/Sep/msg00000.html
___

- https://isc.sans.edu/diary.html?storyid=21439
2016-09-02 - "... The OS X update, which is only available for El Capitan and Yosemite, fixes the two kernel vulnerabilities. The Safari update which is available for OS X Mavericks and Yosemite... fixes the WebKit vulnerability... recommend patching these quickly given that the same vulnerabilities have already been exploited for iOS."
___

- https://www.us-cert.gov/ncas/current-activity/2016/09/01/Apple-Releases-Security-Updates
Sep 01, 2016

WordPress 4.6.1 released

FYI...

WordPress 4.6.1 - Security and Maintenance Release
- https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Sep 7, 2016 - "WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename... and a path traversal vulnerability in the upgrade package uploader... In addition to the security issues above, WordPress 4.6.1 fixes 15 bugs from 4.6. For more information, see the release notes* or consult the list of changes**..."

Release notes
* https://codex.wordpress.org/Version_4.6.1

List of changes
** https://core.trac.wordpress.org/query?milestone=4.6.1

Download
- https://wordpress.org/download/
___

- http://www.securitytracker.com/id/1036747
Sep 8 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.6 and prior...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. The impact of the path traversal flaw was not disclosed.
Solution: The vendor has issued a fix (4.6.1)...
___

- https://www.us-cert.gov/ncas/current-activity/2016/09/07/WordPress-Releases-Security-Update
Sep 7, 2016

iOS 10.0.1 released

FYI...

- https://support.apple.com/en-us/HT201222

iOS 10
- https://support.apple.com/en-us/HT207143
Sep 13, 2016 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."

iOS 10.0.1
- https://support.apple.com/en-us/HT207145
Sep 13, 2016 - "... iOS 10.0.1 also includes the security content of iOS 10."

- http://www.securitytracker.com/id/1036797
CVE Reference: CVE-2016-4620, CVE-2016-4719, CVE-2016-4740, CVE-2016-4741, CVE-2016-4746, CVE-2016-4747, CVE-2016-4749
Sep 13 2016
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user in a privileged network position can prevent software updates.
A remote user in a privileged network position can obtain mail credentials.
A local user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10.0, 10.0.1)...
___

Xcode 8
- https://support.apple.com/en-us/HT207140
Sep 13, 2016 - "Available for: OS X El Capitan v10.11.5 and later..."

watchOS 3
- https://support.apple.com/en-us/HT207141
Sep 13, 2016 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermès"
___

- https://www.us-cert.gov/ncas/current-activity/2016/09/13/Apple-Releases-Security-Updates
Sep 13, 2016

Apple updates ..

FYI...

- https://support.apple.com/en-us/HT201222

Safari 10
- https://support.apple.com/en-us/HT207157
Sep 20, 2016 - "Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6..."
- https://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html

- http://www.securitytracker.com/id/1036854
CVE Reference: CVE-2016-4611, CVE-2016-4618, CVE-2016-4728, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4751, CVE-2016-4758, CVE-2016-4759, CVE-2016-4760, CVE-2016-4762, CVE-2016-4763, CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769
Sep 21 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
A remote user can spoof the address bar.
A remote user can obtain potentially sensitive information.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10.0)...
___

macOS Sierra 10.12
- https://support.apple.com/en-us/HT207170
Sep 20, 2016 - "Available for: OS X El Capitan v10.11.6..."
- https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
___

macOS Server 5.2
- https://support.apple.com/en-us/HT207171
Sep 20, 2016 - "Available for: macOS Sierra 10.12..."
- https://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html
___

iCloud for Windows 6.0
- https://support.apple.com/en-us/HT207147
Sep 20, 2016 - "Available for: Windows 7 and later..."
- https://lists.apple.com/archives/security-announce/2016/Sep/msg00013.html
___

iTunes 12.5.1 for Windows
- https://support.apple.com/en-us/HT207158
Sep 13, 2016 - "Available for: Windows 7 and later..."
- https://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html
___

- https://www.us-cert.gov/ncas/current-activity/2016/09/20/Apple-Releases-Security-Updates
Sep 20, 2016
