Alerts

iTunes 12.0.1, OS X Server v4.0, OS X Yosemite v10.10 released

FYI...

iTunes 12.0.1 released
- https://support.apple.com/kb/HT6537
Last Modified: Oct 16, 2014
CVE Reference(s): CVE-2013-2871, CVE-2013-2875, CVE-2013-2909, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228, CVE-2013-6625, CVE-2013-6635, CVE-2013-6663, CVE-2014-1268, CVE-2014-1269, CVE-2014-1270, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1301, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313, CVE-2014-1323, CVE-2014-1324, CVE-2014-1325, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1340, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1362, CVE-2014-1363, CVE-2014-1364, CVE-2014-1365, CVE-2014-1366, CVE-2014-1367, CVE-2014-1368, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390, CVE-2014-1713, CVE-2014-1731, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415
___

Security Update 2014-005
- https://support.apple.com/kb/HT6531
Oct 16, 2014
> https://www.us-cert.gov/ncas/current-activity/2014/10/17/Apple-Releases-Security-Update-2014-005
Oct 17, 2014 - "... Security Update 2014-005 to address vulnerabilities in SSL 3.0..."
___

OS X Server v4.0
- http://support.apple.com/kb/HT6536
Oct 16, 2014

- http://www.securitytracker.com/id/1031071
___

OS X Yosemite v10.10
- http://support.apple.com/kb/HT6535
Oct 16, 2014

- http://www.securitytracker.com/id/1031063

- http://www.securitytracker.com/id/1031065

OS X Yosemite: List of available trusted root certificates
- http://support.apple.com/kb/HT6005
Oct 17, 2014

:fear::fear::fear:
 
Adblock Plus 2.6.5 for Firefox ...

FYI...

Adblock Plus 2.6.5 for Firefox
- https://adblockplus.org/releases/adblock-plus-265-for-firefox-released
Changes:
- Fixed: Element hiding exceptions are broken by changes in Firefox 34 and Firefox 35 (issue 1241, issue 1381).
- Fixed: Blocking via context menu won’t always suggest blocking the most recent request (issue 362).
- Fixed: Issue reporter will complain about too many filter lists even when these filter lists are “special” like the anti-adblock list (issue 690).
- Fixed: Disabling filters via space bar no longer works in preferences (issue 1129).
- Fixed: Sharing Adblock Plus from the first-run page won’t work if the Anti-Social list is enabled (issue 1133).
- Fixed: Anti-Adblock warning will sometimes appear on websites without any anti-adblock behavior (issue 1161).
- Made $sitekey option behavior more consistent, it can be used similarly to $domain now rather than whitelisting complete websites only (issue 432).

- https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

:fear::fear:
 
iOS 8.1 released

FYI...

iOS 8.1 released
- https://support.apple.com/kb/HT6541
Oct 20, 2014
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

- http://www.securitytracker.com/id/1031077/
CVE Reference: CVE-2014-4448, CVE-2014-4449, CVE-2014-4450
Oct 20 2014
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 8.1 ...

- https://en.greatfire.org/blog/2014/...cloud-data-attack-coincides-launch-new-iphone
Oct 20, 2014 - "After previous attacks on Github, Google, Yahoo and Microsoft, the Chinese authorities are now staging a man-in-the-middle (MITM) attack on Apple’s iCloud... Firefox and Chrome will both prevent users from accessing iCloud.com when they are trying to access a site that is suffering from a MITM attack..."

- http://www.reuters.com/article/2014/10/21/us-apple-china-security-idUSKCN0I92H020141021
Oct 21, 2014
___

Apple TV 7.0.1
- https://support.apple.com/kb/HT6542
Oct 20, 2014

- https://support.apple.com/kb/HT1222

:fear:
 
SSL 3.0 obsolete ...

FYI...

- http://windowssecrets.com/top-story/protecting-yourself-from-poodle-attacks/
Oct 23, 2014 - "The following changes force your browser to not use SSL 3.0. Here’s what to adjust in the top three browsers...

Chrome: In Google’s browser, edit the shortcut that launches the browser, adding a flag to the end of the Shortcut path. Start by selecting the icon normally used to launch Chrome. Right-click the icon and select Properties. Under the Shortcut tab, find the box labeled “Target” and insert --ssl-version-min=tls1 immediately after chrome.exe" (see Figure 1). It should look something like this (note the space between .exe" and --ssl-):
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ssl-version-min=tls1
Figure 1: http://windowssecrets.com/wp-content/uploads/2014/10/W20141023-TS-Chrome.png

... in the Oct. 14 Mozilla blog post*, Firefox 34, due to be released on Nov. 25, will disable SSL 3.0 support. In the meantime, Mozilla recommends installing the add-on (download site**), “SSL Version Control 0.2” (see Figure 2), which will let you control SSL support within the browser. (Some websites have recommended adjusting Firefox settings in the configuration file, but Mozilla recommends using the add-on instead.)..."
* https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
** https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
Figure 2: http://windowssecrets.com/wp-content/uploads/2014/10/W20141023-TS-FF.png

... Internet Explorer: In IE, click the gear (settings) icon, open Internet options, and then select the Advanced tab. Scroll down the Settings list to the Security category, and then look for Use SSL 3.0. Uncheck the box (see Figure 3), click OK, and then relaunch IE... Microsoft released an initial security advisory on this topic; expect to see additional guidance in the near future...
Figure 3: http://windowssecrets.com/wp-content/uploads/2014/10/W20141023-TS-IE.png

... How to test your browser’s TLS/SSL protection:
Several websites test whether your currently open browser supports SSL 3.0. For a simple test, Poodletest.com displays a poodle dog if your browser still supports SSL 3.0, and a Springfield terrier if it doesn’t. On the other hand, Qualys SSL Labs (site***) provides a more detailed analysis of the SSL protocols your browser supports.
As noted above, some business sites such as online -banking- might still need SSL 3.0. Again, I recommend leaving SSL 3.0 support on -one- browser; it’ll be faster and safer than repeatedly adjusting browser settings. If you’re running a Web server or small-business server, you should -disable- SSL 3.0 support to better protect connected workstations and Internet-based phones... there’s a silver lining to this latest security mess — it should now force everyone on the Internet to finally abandon a dated, insecure protocol."
*** https://www.ssllabs.com/ssltest/viewMyClient.html
"Your user agent is not vulnerable..." < What you want to see after the new Firefox extension is installed.
___

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3513 - 7.1 (HIGH)
Last revised: 10/22/2014
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3567 - 7.1 (HIGH)
Last revised: 10/31/2014
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3568 - 4.3
Last revised: 10/31/2014

:fear::fear:
 
Sumatra PDF reader v3.0 ...

FYI...

Sumatra PDF reader v3.0 released
- http://blog.kowalczyk.info/software/sumatrapdf/news.html
Version history - v3.0 (2014-10-18)
Changes in this release:
- Tabs! Enabled by default. Use Settings/Options... menu to go back to the old UI
- support table of contents and links in ebook UI
- add support for PalmDoc ebooks
- swapped keybindings:
- F11: Fullscreen mode (still also Ctrl+Shift+L)
- F5: Presentation mode (also Shift+F11, still also Ctrl+L)
- added a document measurement UI. Press 'm' to start. Keep pressing 'm' to change measurement units
- new advanced settings: FullPathInTitle, UseSysColors (no longer exposed through the Options dialog), UseTabs
- replaced non-free UnRAR with a free RAR extraction library...

[prior version 2.5.2] ...

Download: http://blog.kowalczyk.info/software/sumatrapdf/download-free-pdf-viewer.html

:fear:
 
iOS 8.1.1, OS X Yosemite v10.10.1, Apple TV 7.0.2 released

FYI...

iOS 8.1.1 released
- http://support.apple.com/en-us/HT6590
Nov 17, 2014
... for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later...
- http://www.securitytracker.com/id/1031232
CVE Reference: CVE-2014-4451, CVE-2014-4457, CVE-2014-4463
Nov 18 2014
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (8.1.1).
___

OS X Yosemite v10.10.1
- http://support.apple.com/en-us/HT6572
Nov 17, 2014
- http://www.securitytracker.com/id/1031230
CVE Reference: CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4460
Nov 18 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (10.10.1).
___

Apple TV 7.0.2
- http://support.apple.com/en-us/HT6592
Nov 17, 2014
- http://www.securitytracker.com/id/1031231
CVE Reference: CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462
Nov 18 2014
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (7.0.2).
___

- https://isc.sans.edu/diary.html?storyid=18961
Nov 17, 2014
- https://www.us-cert.gov/ncas/curren...curity-Updates-iOS-OS-X-Yosemite-and-Apple-TV
Nov 17, 2014

:fear:
 
WordPress 4.0.1 Security Release

FYI...

WordPress 4.0.1 Security Release
- https://wordpress.org/news/2014/11/wordpress-4-0-1/
Nov 20, 2014 - "WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately... WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site... This issue does not affect version 4.0, but version 4.0.1 does address these -eight- security issues..."

- http://www.securitytracker.com/id/1031243
Nov 20 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 3.7.5, 3.8.5, 3.9.3, 4.0.1
Description: Several vulnerabilities were reported in WordPress. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote user can compromise a target user's account...
Solution: The vendor has issued a fix (3.7.5, 3.8.5, 3.9.3, 4.0.1).
The vendor's advisory is available at:
- https://wordpress.org/news/2014/11/wordpress-4-0-1/

:fear::fear:
 
Thunderbird 31.3 released

FYI...

Thunderbird 31.3 released
- https://www.mozilla.org/en-US/thunderbird/31.3.0/releasenotes/
Dec 1, 2014

Fixed in Thunderbird 31.3
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.3
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-85 XMLHttpRequest crashes with some input streams
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

Automated Updates: https://support.mozillamessaging.com/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla.org/thunderbird/all.html
___

- http://www.securitytracker.com/id/1031287
CVE Reference: CVE-2014-1587, CVE-2014-1588, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-1595
Dec 3 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.3 ...
Solution: The vendor has issued a fix (31.3).

:fear:
 
Adblock Plus 1.8.8 for Chrome, Opera and Safari released

FYI...

Adblock Plus 1.8.8 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adblock-plus-188-for-chrome-opera-and-safari-released
2014-12-02
___

Adblock Plus - How to keep people from knowing you’ve read their Facebook message
- https://adblockplus.org/blog/how-to-keep-people-from-knowing-you-ve-read-their-facebook-message
2014-12-02 - "You know how you’re able to see that someone has “seen” your message on Facebook? If you’ve ever wanted others -not- to be informed about when/if you’ve read their Facebook messages, Adblock Plus has a new solution for you. Just click HERE* (and then click Add) to enable it automatically; read on for an explanation. By displaying the “seen” message you know that the person you’ve sent the message to has read the message... To enable it automatically simply click HERE*..."
(More detail and link* at the adblockplus URL above.)

:spider:
 
Safari 8.0.1, 7.1.1, 6.2.1 released

FYI...

Safari 8.0.1, 7.1.1, 6.2.1 released
- http://support.apple.com/en-us/HT6596
Dec 3, 2014

- http://www.securitytracker.com/id/1031296
CVE Reference: CVE-2014-4465, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475
Dec 4 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 6.2.1, 7.1.1, 8.0.1
Solution: The vendor has issued a fix (6.2.1, 7.1.1, 8.0.1).
___

- http://www.theinquirer.net/inquirer...pdate-after-it-forces-users-to-reinstall-os-x
Dec 05 2014 - "... The Safari update from 3 December addressed 13 security vulnerabilities, including some that were serious, in versions 8.0.1, 7.1.1 and 6.2.1. Most of the vulnerabilities were discovered by Apple internally. However, Mac OS X users soon complained that the update failed. The update processing claimed that it completed successfully, but it did not, and instead it removed Safari from users' systems. Users said that Apple support instructed them to reinstall Mac OS X* in order to recover Safari..."
* https://discussions.apple.com/thread/6706616?start=0&tstart=0

> https://discussions.apple.com/servl...7704/Screen+Shot+2014-12-04+at+1.25.31+AM.png

- http://support.apple.com/en-us/HT6596
Dec 4, 2014

- http://forums.macrumors.com/showthread.php?t=1825558

> http://support.apple.com/downloads/ ??

:fear:
 
Adblock Plus 1.3 for IE ...

FYI...

Adblock Plus 1.3 for IE released
- https://adblockplus.org/releases/adblock-plus-13-for-ie-released
2014-12-15 - "... version 1.3 fixes a lot of issues where ABP for IE either incorrectly blocked a request, or falsely allowed the request through, when it shouldn’t have... hope you’ll notice the improvement... list of changes:
General blocking improvements (issue 1265):
Improved detection of mime types
Added support for XMLHttpRequests
Added support for requests from Flash
Improved detection of a referrer of a request.
Fix element hiding on some sites (issue 1148)
Fix incorrect blocking of video content on some sites (issue 1231)
Block video ads where they weren’t blocked before (issue 1500)
Fix “Navigation canceled” messages if IFRAME is blocked (issue 1264)
Fix version string in Add/Remove programs (issue 1222)
Changes in the First Run Page (issue 1230, issue 1356) ..."

:blink:
 
WordPress Download Mgr Security Bypass Vuln

FYI...

WordPress Download Manager Security Bypass Vulnerability
- https://secunia.com/advisories/62641/
Release Date: 2014-12-18
Criticality: Highly Critical
... vulnerability is confirmed in version 2.7.4. Prior versions may also be affected.
Solution: Update to version 2.7.5...
- https://wordpress.org/plugins/download-manager/changelog/
2.7.81: WordPress v4.1 compatibility release
Last Updated: 2014-12-18

:fear::fear:
 
Adblock Plus 1.8.9 for Chrome ...

FYI...

Adblock Plus 1.8.9 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adblock-plus-189-for-chrome-opera-and-safari-released
Jan 6, 2015 - "Install links...
Changes:
Worked around some circumvention attempts.
Fixed: Extension pages didn’t respect direction of right-to-left languages (issue 1668).
Fixed an issue when generating filters based on the style attribute (issue 1658).
Fixed an issue where “Block element” from the context menu didn’t work or in an inferior way than from the popup (issue 1611).
When blocking elements suggest filters based on all URLs associated with the element (issue 1601).
Removed the ‘Hide placeholders’ option (issue 1671).
Updated the extension description (issue 1643)..."

:fear:
 
Thunderbird 31.4.0 released

FYI...

Thunderbird 31.4.0 released
- https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/
Jan 13, 2015

- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.4
Fixed in Thunderbird 31.4
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)

Automated Updates: https://support.mozillamessaging.com/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download: https://www.mozilla.org/en-US/thunderbird/all.html
___

- http://www.securitytracker.com/id/1031534
CVE Reference: CVE-2014-8634, CVE-2014-8635, CVE-2014-8638, CVE-2014-8639
Jan 14 2015
Impact: Execution of arbitrary code via network, Modification of authentication information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.4 ...

:fear:
 
Adblock Plus 2.6.7 for Firefox released

FYI...

Adblock Plus 2.6.7 for Firefox released
- https://adblockplus.org/releases/adblock-plus-267-for-firefox-released
Jan 14, 2015
Changes:
Removed “Hide placeholders of blocked elements” option from the user interface (issue 1670).
Fixed: First-run page broken in Firefox nightlies if E10S is enabled (issue 1663, issue 1706).
Fixed first-run page layout for right-to-left languages (issue 1668).
Fixed: “Adblock Warning Removal List” is being displayed as the selected list on Firefox Mobile (issue 1712).
Fixed: “Disable on site” doesn’t always show up on Firefox Mobile (issue 1713)...

:fear:
 
Adblock Plus 1.8.10 for Chrome, Opera and Safari released

FYI...

Adblock Plus 1.8.10 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adblock-plus-1810-for-chrome-opera-and-safari-released
2015-01-20
> Changes
Fixed: “Block element” didn’t highlight some elements correctly (issue 1751 and issue 1755).
Fixed: “Block element” didn’t work while the first run page was open (issue 1741).
> Chrome/Opera-only changes
Worked around an issue that broke printing of spreadsheets on Google Docs (issue 1770).
Adapted for a new API feature introduced in Chrome 41 and Opera 28, that allows to identify frames more efficiently and reliably (issue 1739).
> Safari-only changes
Fixed a potential memory leak in the messaging code (issue 1724).

Install/download links at the adblockplus URL above.

:fear:
 