Alerts

[AplusWebMaster]

FYI...

Adblock Plus 1.10.1 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
2016-02-03 - "This is an emergency bugfix release, fixing a regression that was introduced in the previous release and broke compatibility with Chrome 37, Opera 24, and earlier versions (issue 3580)...
Install Adblock Plus 1.10.1 for Chrome
Install Adblock Plus 1.10.1 for Opera
Install Adblock Plus 1.10.1 for Safari (Safari 6 or higher required)...

Besides that and some changes under the hood, this release fixes the following minor bugs:
Subscription links caused the options page to be opened twice (issue 3153).
The “Block element” option wasn’t shown in icon popup while page was loading (issue 3472)."

[AplusWebMaster]

FYI...

Adblock Plus 2.7.2 for Firefox released
- https://adblockplus.org/releases/adb...refox-released
2016-02-23
Install Adblock Plus 2.7.2 for Firefox
"This release works around some obscure Firefox bugs which Adblock Plus has been triggering since Adblock Plus 2.7 release (visible for example as issue 3489, issue 3541, bug 1127744).
Additional changes
Closed a pop-up blocking loophole misused by some websites (issue 3568).
Fixed tooltip display for very long filters (issue 1950)."

[AplusWebMaster]

FYI...

Apple confirms OS X update broke Ethernet port on some Macs, here’s how to fix ...
- http://9to5mac.com/2016/02/28/apple-...es-how-to-fix/
"... Read the -full- steps on Apple’s Support Site* and take care not to delete anything but the file in question. If you don’t mind losing data, it may be simpler to use Recovery Mode to just Reinstall OS X. This will fix the problem when OS X is started afresh, but obviously has the big downside of deleting other data. Make sure you have recent -backups- in any case."
* https://support.apple.com/en-us/HT205956
Last Modified: Mar 4, 2016

[AplusWebMaster]

FYI...

WordPress plugin backdoor
- https://www.helpnetsecurity.com/2016...r-credentials/
Mar 7, 2016 - "If you are one of the 10,000+ users of the 'Custom Content Type Manager (CCTM)' WordPress plugin, consider your site to be compromised and proceed to clean your installation up, Sucuri Security researchers have warned. After finding “a very suspicious auto-update.php file inside wp-content/plugins/custom-content-type-manager/ during the cleanup on an -infected- WP site, the researchers have begun digging, and discovered that:
• The file in question is a backdoor that can download additional files from a third-party domain, and save them in the plugin directory
• The CCTM plugin has been available for download from the official WP Plugin Directory for around three years, but hasn’t been updated in the last 10 months. But, some two weeks ago, a new developer (“wooranker”) started -adding- “small tweeks by new owner” and “bug fixes”... Users who want to keep using the plugin are advised revert to using version 0.9.8.6. and to -disable- automatic plugin updates."
> https://blog.sucuri.net/2016/03/when...-goes-bad.html
Updated Mar 7, 2016
(More detail at both URLs above.)

[AplusWebMaster]

FYI...

Adblock Plus 1.11 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adb...afari-released
2016-03-08
Install Adblock Plus 1.11 for Chrome
Install Adblock Plus 1.11 for Opera
Install Adblock Plus 1.11 for Safari (Safari 6 or higher required)
"This release features the new developer tools panel which shows blockable items along with applied filters, and provides an easy way to create new filters for these items, on Chrome and Opera. Another big change in this release: The “Block element” dialog is no longer injected into the page, but opened as a popup on Chrome and Opera, and as a new tab on Safari. This solved a couple issues, most notably a way that allowed websites to reliably detect whether Adblock Plus is installed..."

[AplusWebMaster]

FYI...

Thunderbird 45.0
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Apr 12, 2016
What’s New:
- Add a Correspondents column combining Sender and Recipient
- Much better support for XMPP chatrooms and commands.
- Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text.
- Use OpenStreetmap for maps (even allow the user to choose from list of map services)
- Allow spell checking and dictionary selection in the subject line
- Add dropdown in compose to allow specific setting of font size.
- Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break)
- Mail.ru supports OAuth authentication.
- Improved options for remote content exceptions (but previous settings based on the sender's email address are not migrated, so these need to be added again by users).
- Allow editing of From when composing a message.
- Allow copying of name and email address from the message header of an email
Fixed:
- When sending e-mail which was composed using Chinese, Japanese or Korean characters, unwanted extra spaces were inserted within the text.
- XMPP had connection problems for users with large rosters
- Spell checker checked spelling in invisible HTML parts of the message.
- When saving a draft that is edited as new message, original draft was overwritten.
- External images not displayed in reply/forward
- Properly preserve pre-formatted blocks in message replies.
- Crashed in some cases while parsing IMAP messages.
- Copy/paste from a plain text editor lost white-space (multiple spaces/blanks, tabs, newlines)
- "Open Draft"/"Forward"/"Edit As New"/"Reply" created message composition with incorrect character encoding.
- Grouped By view sort direction change was broken, plus enabled custom column grouping.
- New emails into a mailbox did not adhere to sort order by received.
- Box.com attachments failed to upload.
- Drag and drop of multiple attachments failed to OS file folder.
Known Issues:
- unresolved - Outlook and Eudora import non-functional.

Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla.org/en-US/securi...#thunderbird45
Fixed in Thunderbird 45
... fixes dtd. March 8, 2016 ?

> https://www.mozilla.org/en-US/thunderbird/releases/
___

Thunderbird v38.7 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
March 14, 2016
Fixed: Various security fixes*
* https://www.mozilla.org/en-US/securi...hunderbird38.7
Fixed in Thunderbird 38.7
2016-37 Font vulnerabilities in the Graphite 2 library
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-31 Memory corruption with malicious NPAPI plugin
2016-27 Use-after-free during XML transformations
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

... 60 bugs found.
> http://preview.tinyurl.com/jhljn2x

Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla.org/en-US/thunderbird/all/

- https://www.mozilla.org/en-US/thunderbird/releases/
___

Thunderbird 38.7.1
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Mar 25, 2016
> Disabled Graphite font shaping library

[AplusWebMaster]

FYI...

Do NOT install iOS 9.3 on your iPad 2 - Upgrade bricks slabs
> http://www.theregister.co.uk/2016/03...ricks_ipad_2s/
23 Mar 2016 at 20:30

... iPad 2 (GSM model) after you update to iOS 9.3
>> https://support.apple.com/en-us/HT206214
Mar 25, 2016 Mar 28, 2016

> https://support.apple.com/en-us/HT206203
Mar 25, 2016 Mar 28, 2016 Mar 29, 2016

- https://apple.slashdot.org/story/16/...phone-and-ipad
Mar 29, 2016 - "Many users are experiencing an issue with their iPhone and iPad wherein trying to open a link on Safari, Mail, Chrome or any other app causes it to freeze and crash*. The issue renders any type of search with Safari as useless as none of the links returned will open. The wide-spread issue - for which there's no-known-workaround just yet - seems to be affecting users on both iOS 9.2 and iOS 9.3. Apple has acknowledged the issue and says it will release a fix "soon." There's no official word on what's causing the issue, but a popular theory with developers is that the glitch has something to do with Universal Links, a feature Apple first introduced with iOS 9. It appears some apps, such as Booking .com, are abusing this capability, causing the Universal Link database to overload."
* https://discussions.apple.com/thread...t=765&tstart=0
___

- https://support.apple.com/en-us/HT201222

iOS 9.3 released
- https://support.apple.com/en-us/HT206166
21 Mar 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securitytracker.com/id/1035353
CVE Reference: CVE-2015-8659, CVE-2016-0801, CVE-2016-0802, CVE-2016-1734, CVE-2016-1740, CVE-2016-1748, CVE-2016-1750, CVE-2016-1751, CVE-2016-1752, CVE-2016-1753, CVE-2016-1754, CVE-2016-1755, CVE-2016-1756, CVE-2016-1757, CVE-2016-1758, CVE-2016-1760, CVE-2016-1761, CVE-2016-1762, CVE-2016-1763, CVE-2016-1766, CVE-2016-1775, CVE-2016-1778, CVE-2016-1779, CVE-2016-1780, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1784, CVE-2016-1785, CVE-2016-1786, CVE-2016-1788
Mar 22 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.3 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can obtain potentially sensitive information on the target system.
An application can obtain elevated privileges on the target system.
An application can bypass security controls on the target system.
Solution: The vendor has issued a fix (9.3)...

Safari 9.1
- https://support.apple.com/en-us/HT206171
21 Mar 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3..."
- http://www.securitytracker.com/id/1035354
CVE Reference: CVE-2009-2197, CVE-2016-1771, CVE-2016-1772
Mar 22 2016
Impact: A remote user can cause denial of service conditions on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof the user interface.
Solution: The vendor has issued a fix (9.1)...

OS X El Capitan v10.11.4 and Security Update 2016-002
- https://support.apple.com/en-us/HT206167
21 Mar 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3..."
- http://www.securitytracker.com/id/1035363
CVE Reference: CVE-2016-1732, CVE-2016-1733, CVE-2016-1735, CVE-2016-1736, CVE-2016-1737, CVE-2016-1738, CVE-2016-1741, CVE-2016-1743, CVE-2016-1744, CVE-2016-1745, CVE-2016-1746, CVE-2016-1747, CVE-2016-1749, CVE-2016-1764, CVE-2016-1767, CVE-2016-1768, CVE-2016-1769, CVE-2016-1770, CVE-2016-1773
Mar 22 2016
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local or remote user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (10.11.4, Security Update 2016-002)...

OS X Server 5.1
- https://support.apple.com/en-us/HT206173
21 Mar 2016 - "Available for: OS X Yosemite v10.10.5 and later..."
- http://www.securitytracker.com/id/1035342
CVE Reference: CVE-2016-1774, CVE-2016-1776, CVE-2016-1777, CVE-2016-1787
Mar 22 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): OS X Server prior to 5.1; OS X 10.10.5 and after...
Impact: A local user can obtain privileged files on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (OS X Server 5.1)...

Xcode 7.3
- https://support.apple.com/en-us/HT206172
21 Mar 2016 - "Available for: OS X El Capitan v10.11 and later..."
- http://www.securitytracker.com/id/1035352
CVE Reference: CVE-2016-1765
Mar 22 2016
Fix Available: Yes Vendor Confirmed: Yes
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (7.3)...

tvOS 9.2
- https://support.apple.com/en-us/HT206169
21 Mar 2016 - "Available for: Apple TV (4th generation)..."

watchOS 2.2
- https://support.apple.com/en-us/HT206168
21 Mar 2016 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."

Apple Software Update 2.2
- https://support.apple.com/en-us/HT206091
Mar 10, 2016 - "Available for: Windows 7 and later..."
___

iOS 9.3
> https://lists.apple.com/archives/sec.../msg00000.html
watchOS 2.2
> https://lists.apple.com/archives/sec.../msg00001.html
tvOS 9.2
> https://lists.apple.com/archives/sec.../msg00002.html
Xcode 7.3
> https://lists.apple.com/archives/sec.../msg00003.html
OS X El Capitan 10.11.4 and Security Update 2016-002
> https://lists.apple.com/archives/sec.../msg00004.html
Safari 9.1
> https://lists.apple.com/archives/sec.../msg00005.html
OS X Server 5.1
> https://lists.apple.com/archives/sec.../msg00006.html
___

- https://www.us-cert.gov/ncas/current...curity-Updates
March 21, 2016

[AplusWebMaster]

FYI...

- https://support.apple.com/en-us/HT201222

iOS 9.3.1 released
- https://support.apple.com/en-us/HT206225
Last Modified: Mar 31, 2016 - "iOS 9.3.1 includes the security content of iOS 9.3."

> https://lists.apple.com/archives/sec...Mar/index.html
??

- http://www.theinquirer.net/inquirer/...cts-and-photos
Apr 05 2016 - "... AFTER releasing iOS 9.3.1 to fix the link-crashing glitch plaguing iPhones and iPads, a bug has been spotted in the update that allows -anyone- to access photos and contacts on a locked device. A YouTube video (below) shows the vulnerability in action and reveals that all a hacker needs to pilfer contacts from a passcode-locked iPhone 6S or 6S Plus is access to Siri and 3D Touch... there -is- a way to keep your iPhone's information safe should it fall into the hands of a hacker... Siri can carry out the command in question only if given permission to access Twitter account information, as well as contacts and photos. To -revoke- these permissions, head to:
Settings > Privacy and switch -off- Siri's access to Twitter and Photos. To stop it accessing your contacts, you'll need to -disable- Siri's lock screen activation by heading to Settings > Touch ID & Passcode."
(See Video 0:49 at the URL above.)
___

iBooks Author 2.4.1
- https://support.apple.com/en-us/HT206224
Last Modified: Mar 31, 2016
CVE-2016-1789

> https://lists.apple.com/archives/sec.../msg00008.html

- https://www.us-cert.gov/ncas/current...ecurity-Update
Apr 1, 2016
___

APPLE-SA-2016-03-28-1 OS X: Flash Player plug-in blocked
- https://lists.apple.com/archives/sec.../msg00007.html
28 Mar 2016 - "Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 21.0.0.182 and 18.0.0.333. Information on blocked web plug-ins will be posted to:
- http://support.apple.com/en-us/HT202681 "
Last Modified: Mar 18, 2016

[AplusWebMaster]

FYI...

WordPress 4.5 released
- https://wordpress.org/news/
April 12, 2016

Release notes
- https://codex.wordpress.org/Version_4.5

Changelog/4.5
- https://codex.wordpress.org/Changelog/4.5

List of changes
- https://core.trac.wordpress.org/query?milestone=4.5
Results: 550

Download
- https://wordpress.org/download/
"The latest stable release of WordPress (Version 4.5) is available in two formats from the links..."

[AplusWebMaster]

FYI...

Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
- https://www.us-cert.gov/ncas/alerts/TA16-105A
April 14, 2016

> https://support.apple.com/en-us/HT205771
___

Apple is deprecating QuickTime for Windows
- http://blog.trendmicro.com/urgent-ca...windows-today/
April 14, 2016 - "... Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX... our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows..."
> http://zerodayinitiative.com/advisories/ZDI-16-241/
> http://zerodayinitiative.com/advisories/ZDI-16-242/

- http://www.securitytracker.com/id/1035579
Apr 15 2016
___

- https://support.apple.com/en-us/HT201175
Apr 20, 2016 - "QuickTime 7 for Windows is no longer supported by Apple... All current Windows web browsers support video without the need for browser plug-ins. If you no longer need QuickTime 7 on your PC, follow the instructions for uninstalling QuickTime 7 for Windows*."
* https://support.apple.com/kb/HT205771