Alerts

[AplusWebMaster]

FYI...

OS X v10.10.2 and Security Update 2015-001
- http://support.apple.com/en-us/HT204244
Jan 27, 2015
> AFP Server, bash, Bluetooth, CFNetwork Cache, CoreGraphics, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, FontParser, Foundation, Intel Graphics Driver, IOAcceleratorFamily, IOHIDFamily, IOKit, IOUSBFamily, Kernel, LaunchServices, libnetcore, LoginWindow, lukemftp, OpenSSL, Sandbox, SceneKit, Security, security_taskgate, Spotlight, SpotlightIndex, sysmond, UserAccountUpdater
(More detail at the URL above.)
> http://www.securitytracker.com/id/1031650

Safari 8.0.3, 7.1.3, 6.2.3 released
- http://support.apple.com/en-us/HT204243
Jan 27, 2015
> Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
CVE-2014-3192, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479
> http://www.securitytracker.com/id/1031647

iOS 8.1.3
- http://support.apple.com/en-us/HT204245
Jan 27, 2015
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
> AppleFileConduit, CoreGraphics, dyld, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, iTunes Store, Kernel, libnetcore, MobileInstallation, Springboard, WebKit
(More detail at the URL above.)
> http://www.securitytracker.com/id/1031652

Apple TV 7.0.3
- http://support.apple.com/en-us/HT204246
Jan 27, 2015
> Available for: Apple TV 3rd generation and later
(More detail at the URL above.)
> http://www.securitytracker.com/id/1031651

> http://support.apple.com/en-us/HT1222

[AplusWebMaster]

FYI...

Thunderbird 31.5 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Feb 24, 2015

- https://www.mozilla.org/en-US/securi...hunderbird31.5
Fixed in Thunderbird 31.5
2015-24 Reading of local files through manipulation of form autocomplete
2015-19 Out-of-bounds read and write while rendering SVG content
2015-16 Use-after-free in IndexedDB
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

Automated Updates: https://support.mozillamessaging.com...ng-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla.org/en-US/thunderbird/all.html
___

- http://www.securitytracker.com/id/1031792
CVE Reference: CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0833, CVE-2015-0835, CVE-2015-0836
Feb 24 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.5 ...

[AplusWebMaster]

FYI...

Adblock Plus 1.8.11 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
2015-02-24
Changes:
Improved the icon and logo (issue 1535 and issue 1989).
Fixed: Filters with internationalized domains didn’t match (issue 1801).
Fixed: On the options page, input was submitted even if the wrong button was pressed (issue 1448).
Fixed some issues with the “Block element” dialog.
Fixed: Overlays were sometimes covered by other elements (issue 1857).
Fixed: Matching elements weren’t highlighted sometimes (issue 1864).
Fixed: Mouse events handled by the page could prevent the dialog from showing up (issue 1665).
Fixed: Dialog wasn’t completely visible when selecting elements inside small frames (issue 350).
Fixed several issues related to framesets (issue 1867, issue 1870 and issue 1082).
Fixed issues caused by selecting SVG elements (issue 1856).
Fixed: Images weren’t recognized when using image maps (issue 1868).
Fixed a memory leak when routing messages across frames (issue 1840).

Chrome/Opera-only changes:
Fixed: Icon and badge didn’t update for pre-rendered tabs (issue 1976).
Fixed issue with third-party pages loaded in anonymous frames (issue 1977).
Fixed: CSS selectors containing commas partially broke element hiding (issue 1802).
Fixed: “Block element” dialog and highlighted elements were staying visible after the extension is unloaded (issue 1843).

Safari-only changes:
Fixed an issue that broke the user interface for some languages (issue 2008).

(Install links at the adblockplus URL above.)

[AplusWebMaster]

FYI...

Adblock Plus 1.4 for IE released
- https://adblockplus.org/releases/adb...or-ie-released
2015-02-26
We are updating Adblock Plus for IE with version 1.4.

... list of all improvements since version 1.3.

New in this release: the addition of the installer for Active Directory installs, which we really hope network administrators would appreciate.
There’s a x64-bit and x86-bit variant of the GPO installer.
Also, this version is the first version that will perform queries for notifications like all other ABP versions.

> https://downloads.adblockplus.org/de...hangelog.xhtml

[AplusWebMaster]

FYI...

AdblockPlus 1.3 for Android
- https://adblockplus.org/releases/adb...droid-released
2015-03-03
If you already have Adblock Plus for Android, it should notify you about the update shortly and download it automatically.

We did a lot of under-the-hood changes again, rewrote the way libadblockplus is integrated (#16) and cleaned up the different methods for setting the proxy and deciding which method to use (#547).
Besides that we:
improved compatibility with Android Lollipop (#1498, #1848)
reduced the memory usage (#303)
included twelve new translations
and, of course, fixed a lot of various minor and major issues...

(Install links at the adblockplus URL above.)

[AplusWebMaster]

FYI...

Apple Security Update 2015-002
- https://support.apple.com/en-us/HT204413
Mar 9, 2015
- http://www.securitytracker.com/id/1031869
CVE Reference: CVE-2015-1066
Mar 10 2015
Impact: Root access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.8.5, 10.9.5, 10.10.2...

iOS 8.2 released
- https://support.apple.com/en-us/HT204423
Mar 9, 2015
- http://www.securitytracker.com/id/1031868
CVE Reference: CVE-2015-1061, CVE-2015-1065
Mar 10 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.8.5, 10.9.5, 10.10.2 ...
- https://lists.apple.com/archives/sec.../msg00000.html

Apple TV 7.1
- https://support.apple.com/en-us/HT204426
Mar 9, 2015

Xcode 6.2
- https://support.apple.com/en-us/HT204427
Mar 9, 2015

- https://support.apple.com/en-us/HT1222

- https://isc.sans.edu/diary.html?storyid=19443
Last Updated: 2015-03-10 - "... Apple also addressed a number of security vulnerabilities, most notably the "Freak" vulnerability. After updating, the affected operating systems no longer support export quality ciphers. However, Apple browsers continue to support SSLv3 and as a result, continue to be vulnerable to POODLE*...
* http://www.poodletest.com/
Quick Summary of the security content of Apple's updates:
- XCode 6.2: This update addresses 4 vulnerabilities in subversion and 1 in git.
- OS X: 5 vulnerabilities. The most serious of which is likely a code execution vulnerability in Keychain.
- Apple TV: 3 vulnerabilities. One of which would allow an attacker to write files to the system if the user mounts a corrupt disk image.
- iOS: 6 vulnerabilities. In addition to FREAK and the above mentioned Keychain problem, a vulnerability that allows an attacker with physical access to the device to see the home screen on a locked devices is patched..."

- https://www.us-cert.gov/ncas/current...S-and-Apple-TV
Mar 9, 2015

[AplusWebMaster]

FYI...

Adblock Plus 2.6.8 for Firefox released
- https://adblockplus.org/releases/adb...refox-released
2015-03-10 - "This release features the improved icon and logo that are already being used in Chrome, Opera and Safari (issue 1534, issue 2053, issue 2072). It also fixes an issue with the search functionality in the Filter Preferences affecting Firefox 36 and above (issue 2041)..."

[AplusWebMaster]

FYI...

Blind SQL Injection against WordPress SEO
- https://isc.sans.edu/diary.html?storyid=19457
2015-03-13 - "WordPress has released an advisory for the WordPress plugin SEO by Yoast. Version up to and including 1.7.3.3 can be exploited with a blind SQL injection. According to WordPress, this plugin has more than one million downloads. A description of the SQL injection with proof of concept is described here[3] and the latest update is available here[2]."

1] https://wordpress.org/plugins/wordpress-seo/
2] https://downloads.wordpress.org/plug...-seo.1.7.4.zip
3] https://wpvulndb.com/vulnerabilities/7841

[AplusWebMaster]

FYI...

Safari 8.0.4, 7.1.4, 6.2.4 released
- https://support.apple.com/en-us/HT204560
Mar 17, 2015
- https://lists.apple.com/archives/sec.../msg00004.html

- https://support.apple.com/en-us/HT1222

- http://www.securitytracker.com/id/1031936
CVE Reference: CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083, CVE-2015-1084
Mar 17 2015
Impact: Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available: Yes Vendor Confirmed: Yes...
Solution: The vendor has issued a fix (6.2.4, 7.1.4, 8.0.4).
___

- https://www.us-cert.gov/ncas/current...Updates-Safari
March 18, 2015 - "... Updates include:
Safari 8.0.4 for OS X Mountain Lion v10.8.5
Safari 7.1.4 for OS X Mavericks v10.9.5
Safari 6.2.4 for OS X Yosemite v10.10.2
US-CERT encourages users and administrators to review Apple security update HT204560 ..."

[AplusWebMaster]

FYI...

Apple Security Update 2015-003
- https://support.apple.com/en-us/HT204563
Mar 17, 2015
- https://lists.apple.com/archives/sec.../msg00005.html
Available for: OS X Yosemite v10.10.2
CVE-2015-1061, CVE-2015-1065

- https://support.apple.com/en-us/HT1222
OS X Yosemite v10.10.2 - 19 Mar 2015
___

- https://www.us-cert.gov/ncas/current...-OS-X-Yosemite
March 20, 2015