Alerts

Thunderbird 38 delayed - 31.7 released

FYI...

Thunderbird 38 - delayed ...
- http://emailmafia.net/2015/05/12/thunderbird-38-delayed/
May 12, 2015 - "... Thunderbird 38.0 will -not- ship on the same date as Firefox 38.0 but will likely be delayed a couple of weeks... there are still a number of regressions that we are working on, and last week’s beta was the first beta that was feature complete. That means we will not be ready to ship according to the original schedule.
A current estimate of when we will ship Thunderbird 38.0 is approximately May 26."
___

Thunderbird 31.7 released

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7
Fixed in Thunderbird 31.7
2015-57 Privilege escalation through IPC channel messages
2015-54 Buffer overflow when parsing compressed XML
2015-51 Use-after-free during text processing with vertical text enabled
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

Thunderbird 31.7 download:
- https://www.mozilla.org/en-US/thunderbird/all/
___

- http://www.securitytracker.com/id/1032303
CVE Reference: CVE-2011-3079, CVE-2015-0797, CVE-2015-2708, CVE-2015-2709, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716
May 13 2015
Impact: Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 31.7

iPhone "Text msg" bug

FYI... iPhone "Text msg" bug

If Messages quits unexpectedly after you get a text with a specific string of characters
- https://support.apple.com/en-us/HT204897
Last Modified: May 29, 2015
"Apple is aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update. Until the update is available, you can use these steps to re-open the Messages app.
1. Ask Siri* to "read unread messages."
2. Use Siri to reply to the malicious message. After you reply, you'll be able to open Messages again.
3. If the issue continues, tap and hold the malicious message, tap More, and delete the message from the thread."

About Siri
* https://support.apple.com/en-us/HT204389
Last Modified: Apr 15, 2015
___

- http://www.idownloadblog.com/2015/0...sages-issue-says-software-update-coming-soon/
"... the company will be releasing a fix via a software update soon, presumably along iOS 8.4, which is still in beta stage."

Adblock Plus 1.9 for Chrome, Opera and Safari released

FYI...

Adblock Plus 1.9 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adblock-plus-19-for-chrome-opera-and-safari-released
2015-06-16
Install Adblock Plus 1.9 for Chrome
Install Adblock Plus 1.9 for Opera
Install Adblock Plus 1.9 for Safari (Safari 6 or higher required)
>> Changes:
- Fixed: Placeholders weren’t hidden for elements that were blocked by an URL given in the srcset attribute (issue 2634).
- Exception rules with protocol don’t imply the $document flag anymore (issue 2503).
- Changed the label for the share buttons to reflect the functionality more accurately (issue 2202).
- Implemented an alternative format for subscription links (issue 2212).
- Fixed some issues with the “Block element” dialog:
  - Fixed some issues with element highlighting (issue 2077, issue 2209).
  - Fixed some issues with dragging the dialog (issue 2100, issue 2173, issue 2194).
  - Fixed issues with how the context menu interacted with other parts of the user interface (issue 2279, issue 2298).
  - The page no longer freezes when selecting an element that would result in a lot of other elements being blocked as well (issue 2215).
- Performance improvements:
  - Mitigated the effect of slow request blocking filters (issue 2177).
  - Determine whether a page or frame is whitelisted more efficiently by only matching exception rules (issue 2132).
  - Moved code not crucial to blocking requests out of the critical path, decreasing load times (issue 2505).
> Chrome/Opera-only changes
- Changed the way Adblock Plus stores persistent data such as setting and filter lists, replacing localStorage and the deprecated FileSystem API with chrome.storage (issue 2021, issue 2040).
- Run content scripts in anonymous frames again, in order to block ads more reliably (issue 2216, issue 2217).
- Worked around a Chromium bug that caused corruption of the page layout when using the feedback dialog on Google Mail and other Google websites (issue 2602).
- Fixed element hiding filters using CSS selectors with commas inside quoted text (issue 2467).
- Don’t assume Chromium-specific user agent string, fixing issues when using --user-agent switch, or running on a different platform (issue 2537).
- Performance improvements:
  - Flush caches after filter changes only when absolutely necessary and respect the browser’s quotas (issue 2034, issue 2297).
  - Improved the performance of CSS selector injection, slightly decreasing page load time, in particular on pages with many frames and/or many active element hiding filters (issue 2528).
  - Avoid calling into JavaScript when processing headers when loading other resources than documents and frames (issue 2538).
  - Got rid of some try..catch statements which prevent functions from being optimized (issue 2658, issue 2569).
  - Avoid iteration over a hash-table which prevents functions from being optimized, slightly improving performance of element hiding filter matching (issue 2582).
> Chrome-only changes
- Added a pre-configurable preference to suppress the first run page (issue 1488).
> Opera-only changes
- Fixed: Spanish translation wasn’t being used (issue 2665).
> Safari-only changes
- Restored compatibility with Safari 6 (issue 2172).

Secunia drops Public Listing of Vulnerabilities

FYI...

- http://it.slashdot.org/story/15/06/20/027237/secunia-drops-public-listing-of-vulnerabilities
June 19, 2015 - "Secunia just announced on a forum post* that they will no longer provide public access to advisories newer than 9 months. According to Secunia they, "frequently encounter organizations engaged in wrongful use of Secunia Advisories" and that VIM customers, "have full access to all advisories." While Secunia is under no obligation to provide their aggregated vulnerabilities they've been doing it for over 10 years. The information they provide is primarily from public sources."

* https://secunia.com/community/forum/thread/show/15400
19th Jun, 2015 - "We have decided to make advisories more recent than nine months unavailable on secunia.com . The decision was made to avoid abuse of the advisories for commercial use, and because we frequently encounter organizations engaged in wrongful use of Secunia Advisories. Our advisories are made available for personal use only, and commercial use is prohibited.
Users who wish to make commercial use of our vulnerability intelligence must subscribe to our vulnerability management solution, the Secunia Vulnerability Intelligence Manager (Secunia VIM: - http://secunia.com/vulnerability_intelligence/ ). Users of the Secunia VIM have full access to all advisories and are able to analyse all the latest advisories in chronological order as well as proactive alerting the moment they have been released. Private users who have created a Secunia community profile ( http://secunia.com/community/profile/ ), can access advisories less than 9 months old using the search engine ( http://secunia.com/community/advisories/search/ ). We are aware that the search on the community pages is not working optimally and are working to fix that shortly.
Stay Secure,
Kasper Lindgaard, Director of Research and Security"

Apple Updates - 6.30.2015

FYI...

> https://support.apple.com/en-us/HT201222

iOS 8.4 released
- https://support.apple.com/en-us/HT204941
Jun 30, 2015
- http://www.securitytracker.com/id/1032761
CVE Reference: CVE-2015-3722, CVE-2015-3723, CVE-2015-3724, CVE-2015-3725, CVE-2015-3726, CVE-2015-3728
Jul 1 2015
Impact: Denial of service via network, Execution of arbitrary code via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 8.4...
___

QuickTime 7.7.7 released
- https://support.apple.com/en-us/HT204947
Jun 30, 2015
- http://www.securitytracker.com/id/1032756
CVE Reference: CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3664, CVE-2015-3665, CVE-2015-3666, CVE-2015-3667, CVE-2015-3668, CVE-2015-3669
Jul 1 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 7.7.7 ...
Download: https://www.apple.com/quicktime/download/
"QuickTime 7.7.7 for Windows Vista or Windows 7"
Alternate download site: http://www.majorgeeks.com/files/details/quicktime.html
Author: Apple, Inc.
Date: 07/01/2015 06:34 AM
Size: 39.9 MB
License: Freeware
Requires: Win 10/8/7/Vista
___

Safari 8.0.7, 7.1.7, 6.2.7
- https://support.apple.com/en-us/HT204950
Jun 30, 2015
- http://www.securitytracker.com/id/1032754
CVE Reference: CVE-2015-3658, CVE-2015-3659, CVE-2015-3660, CVE-2015-3727
Jun 30 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 6.2.7, 7.1.7, 8.0.7 ...
___

Security Update 2015-005 - OS X Yosemite v10.10.4
- https://support.apple.com/en-us/HT204942
Jun 30, 2015
- http://www.securitytracker.com/id/1032759
CVE Reference: CVE-2015-4000
Jul 1 2015
Impact: Modification of authentication information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (10.10.4, Security Update 2015-005)...
- http://www.securitytracker.com/id/1032760
CVE Reference: CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-3671, CVE-2015-3672, CVE-2015-3673, CVE-2015-3674, CVE-2015-3675, CVE-2015-3676, CVE-2015-3677, CVE-2015-3678, CVE-2015-3679, CVE-2015-3680, CVE-2015-3681, CVE-2015-3682, CVE-2015-3683, CVE-2015-3684, CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3689, CVE-2015-3690, CVE-2015-3691, CVE-2015-3694, CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, CVE-2015-3702, CVE-2015-3703, CVE-2015-3704, CVE-2015-3705, CVE-2015-3706, CVE-2015-3707, CVE-2015-3708, CVE-2015-3709, CVE-2015-3710, CVE-2015-3711, CVE-2015-3712, CVE-2015-3714, CVE-2015-3715, CVE-2015-3716, CVE-2015-3717, CVE-2015-3718, CVE-2015-3719, CVE-2015-3721
Jul 1 2015
Impact: Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.8.5, 10.9.5, 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (10.10.4, Security Update 2015-005)...
___

Security Update 2015-001 - Mac EFI
- https://support.apple.com/en-us/HT204934
Jun 30, 2015
- http://www.securitytracker.com/id/1032755
CVE Reference: CVE-2015-3693
Jun 30 2015
Impact: Root access via local system, User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.8.5, 10.9.5, 10.10 to 10.10.3 ...
Solution: The vendor has issued a fix (Security Update 2015-001, OS X 10.10.4).
___

iTunes 12.2 for Windows
- https://support.apple.com/en-us/HT204949
Jul 1, 2015

- https://www.apple.com/itunes/download/
___

- http://net-security.org/secworld.php?id=18577
01 July 2015 - "... The OS X update contains fixes for 77 vulnerabilities, many of which can be exploited by attackers to gain admin or root privilege, crash applications, perform unauthenticated access to the system, execute arbitrary code, intercept network traffic, and so on. It also includes fixes for vulnerabilities in the Mac EFI (Extensible Firmware Interface), one of which could allow a malicious app with root privileges to modify EFI flash memory when it resumes from sleep states...
The iOS security update contains fixes for a slew of vulnerabilities that could lead to unexpected application termination or arbitrary code execution just by making the users open or the OS process a malicious crafted PDF, text, font or .tiff file.
The 'Logjam bug' in coreTLS that could be exploited by an attacker with a privileged network position to SSL/TLS connections has also been plugged, as have two vulnerabilities discovered by FireEye researchers, which could allow attackers to deploy two new kinds of Masque Attack and prevent iOS and Watch apps from launching..."

> http://lists.apple.com/archives/security-announce/2015/Jun/index.html#00005

Thunderbird 38.1 released

FYI...

Thunderbird 38.1 released

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1
Fixed in Thunderbird 38.1
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

Download:
- https://www.mozilla.org/en-US/thunderbird/all/
___

- http://www.securitytracker.com/id/1032784
CVE Reference: CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2726, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-4000
Jul 3 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of authentication information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 38.0 and prior ...
Solution: The vendor has issued a fix (38.1)...
___

Thunderbird 38.2

Download: https://www.mozilla.org/en-US/thunderbird/all/

- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.2
Aug 11, 2015
Fixed in Thunderbird 38.2
Vulnerabilities found through code inspection
2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
2015-85 Out-of-bounds write with Updater and malicious MAR file
2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)

Adblock Plus 1.9.1...

FYI...

Adblock Plus 1.9.1 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adblock-plus-191-for-chrome-opera-and-safari-released
2015-07-14
Install Adblock Plus 1.9.1 for Chrome
Install Adblock Plus 1.9.1 for Opera
Install Adblock Plus 1.9.1 for Safari (Safari 6 or higher required)
Changes:
- Added global opt-out for notifications (issue 2195).
- Immediately show notifications after they were downloaded (issue 2419).
- Reduced delay of initial download of notifications (issue 2659).
- Fixed: Notification data was reset when pages load during extension initialization (issue 2757).

WordPress 4.2.3 released

FYI...

WordPress 4.2.3 released
- https://wordpress.org/news/2015/07/wordpress-4-2-3/
July 23, 2015 - "WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site... WordPress 4.2.3 also contains fixes for 20 bugs from 4.2..."

Release notes
- https://codex.wordpress.org/Version_4.2.3

Change log
- https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430

Download
- https://wordpress.org/download/

- https://www.us-cert.gov/ncas/current-activity/2015/07/23/WordPress-Releases-Security-Update
July 23, 2015
___

- http://www.securitytracker.com/id/1033037
CVE Reference: CVE-2015-5622, CVE-2015-5623
Jul 23 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.2.2 and prior...
Solution: The vendor has issued a fix (4.2.3).

Adblock Plus 2.6.10 ...

FYI...

Adblock Plus 2.6.10 for Firefox released
- https://adblockplus.org/releases/adblock-plus-2610-for-firefox-released
2015-07-28 - "This is a quality and stability release, with the focus being compatibility with upcoming Firefox versions. Most of the changes are under the hood, only the visible changes are listed:
• suppress_first_run_page preference introduced by previous release can now be preconfigured by machine administrators via setting extensions.adblockplus.preconfigured.suppress_first_run_page Firefox preference (issue 2439).
• Issue reporter
Made sure there is always enough space to display report data (issue 344).
No longer intercepting right-clicks on the resulting report link, only left- and middle-clicks result in the report being opened (issue 701).
• Subscription links
Implemented an alternative format that is easier to use in forums or emails: https ://subscribe.adblockplus .org/?location=foo instead of abp:subscribe?location=foo (issue 2211).
• Fixed subscription links in multi-process Firefox (issue 1730)
• Notifications
Added global opt-out for notifications (issue 2192 and issue 2193).
Notifications are shown immediately after download rather than waiting for a browser restart (issue 2419).
• Removed inconsistent behavior (breaks backwards compatibility): exception rules starting with http:// or https:// no longer imply $document option (issue 2503).
• Reduced the initial delay for filter lists and notification updates after browser startup (issue 284 and issue 2659).
• First-run page: Fixed social buttons being broken starting with Firefox 38 (issue 2710)...

WordPress 4.2.4 released

FYI...

WordPress 4.2.4 released
- https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
Aug 4, 2015 - "WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site..."

Release notes
- https://codex.wordpress.org/Version_4.2.4

Download
- https://wordpress.org/download/

- https://www.us-cert.gov/ncas/current-activity/2015/08/04/WordPress-Releases-Security-Update
Aug 04, 2015

Hardening WordPress: https://codex.wordpress.org/Hardening_WordPress
___

- http://www.securitytracker.com/id/1033178
CVE Reference: CVE-2015-2213, CVE-2015-5730, CVE-2015-5731, CVE-2015-5732, CVE-2015-5733, CVE-2015-5734
Aug 4 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.2.3 and prior versions...
Solution: The vendor has issued a fix (4.2.4)...

Apple updates released - 2015.08.13

FYI....

> https://support.apple.com/en-us/HT201222

iOS 8.4.1
- https://support.apple.com/en-us/HT205030
13 Aug 2015 - iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Update the iOS software on your iPhone, iPad, and iPod touch
> https://support.apple.com/en-us/HT204204
Last Modified: Aug 12, 2015
- http://www.securitytracker.com/id/1033275
CVE Reference: CVE-2015-3756, CVE-2015-3758, CVE-2015-3759, CVE-2015-3763, CVE-2015-3766, CVE-2015-3768, CVE-2015-3776, CVE-2015-3778, CVE-2015-3782, CVE-2015-3784, CVE-2015-3793, CVE-2015-3795, CVE-2015-3796, CVE-2015-3797, CVE-2015-3798, CVE-2015-3800, CVE-2015-3802, CVE-2015-3803, CVE-2015-3804, CVE-2015-3805, CVE-2015-3806, CVE-2015-3807, CVE-2015-5746, CVE-2015-5749, CVE-2015-5752, CVE-2015-5755, CVE-2015-5756, CVE-2015-5757, CVE-2015-5758, CVE-2015-5759, CVE-2015-5761, CVE-2015-5766, CVE-2015-5769, CVE-2015-5770, CVE-2015-5773, CVE-2015-5774, CVE-2015-5775, CVE-2015-5776, CVE-2015-5777, CVE-2015-5778, CVE-2015-5781, CVE-2015-5782
Aug 14 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 8.4.1...
Solution: The vendor has issued a fix (8.4.1).

OS X Server v4.1.5
- https://support.apple.com/en-us/HT205032
13 Aug 2015 - BIND: Available for: OS X Yosemite v10.10.5 or later. CVE-2015-5477

OS X Yosemite 10.10.5 and Security Update 2015-006
- https://support.apple.com/en-us/HT205031
13 Aug 2015 - Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
- http://www.securitytracker.com/id/1033276
CVE Reference: CVE-2014-7844, CVE-2015-3757, CVE-2015-3760, CVE-2015-3761, CVE-2015-3762, CVE-2015-3764, CVE-2015-3765, CVE-2015-3767, CVE-2015-3769, CVE-2015-3770, CVE-2015-3771, CVE-2015-3772, CVE-2015-3773, CVE-2015-3774, CVE-2015-3775, CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3781, CVE-2015-3783, CVE-2015-3786, CVE-2015-3787, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-3794, CVE-2015-3799, CVE-2015-5747, CVE-2015-5748, CVE-2015-5750, CVE-2015-5751, CVE-2015-5753, CVE-2015-5754, CVE-2015-5763, CVE-2015-5768, CVE-2015-5771, CVE-2015-5772, CVE-2015-5779, CVE-2015-5783, CVE-2015-5784
Aug 14 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.10 - 10.10.4...
Solution: The vendor has issued a fix (10.10.5, Security Update 2015-006).

Safari 8.0.8, 7.1.8, 6.2.8
- https://support.apple.com/en-us/HT205033
13 Aug 2015 - Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.4
- http://www.securitytracker.com/id/1033274
CVE Reference: CVE-2015-3729, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3754, CVE-2015-3755
Aug 13 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 6.2.8, 7.1.8, 8.0.8...
Solution: The vendor has issued a fix (6.2.8, 7.1.8, 8.0.8).

QuickTime 7.7.8 released

FYI...

QuickTime 7.7.8 released
- https://support.apple.com/en-us/HT205046
Aug 18, 2015

- https://lists.apple.com/archives/security-announce/2015/Aug/msg00004.html
20 Aug 2015

- https://support.apple.com/en-us/HT201222

Download
- https://www.apple.com/quicktime/download/
QuickTime 7.7.8 for Windows Vista or Windows 7

... -or- use "Apple Software Update".
___

- http://www.securitytracker.com/id/1033346
CVE Reference: CVE-2015-5785, CVE-2015-5786
Aug 21 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 7.7.8...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (7.7.8)...

- https://www.us-cert.gov/ncas/current-activity/2015/08/20/Apple-Releases-Security-Update-QuickTime
Aug 20, 2015

Adblock -Browser- for Android -or- iOS

FYI...

Adblock -Browser- for Android -or- iOS
- https://adblockplus.org/releases/adblock-browser-10-for-android-and-ios-released
2015-09-08 - "... we’ve been working hard on Adblock Browser for Android and iOS over the past few months... today is the day where we release it on -both- platforms..."

> Install Adblock Browser for Android or iOS
___

- http://www.theinquirer.net/inquirer...droid-and-iphone-users-ahead-of-ios-9-release
Sep 08 2015 - "... There was some speculation that Adblock Plus was being blocked by Google, according to some sources yesterday, but it later emerged that it was a fault in the source code of Chromium itself*. Blocking advertising remains controversial. So-called 'malvertising' is on the increase, and the 'right' to block is important to many people, but many companies depend on advertising revenue to monetise their sites and will look down on this move."
* http://www.theinquirer.net/inquirer...blocking-the-ad-blockers-in-youtube-on-chrome

> https://www.youtube.com/watch?v=8Mnh3KevyAY

WordPress 4.3.1 released

FYI...

WordPress 4.3.1 Security and Maintenance Release
- https://wordpress.org/news/2015/09/wordpress-4-3-1/
Sep 15, 2015 - "WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.
• WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
• A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
• Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.3.1 also fixes twenty-six bugs..."

Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.
> https://wordpress.org/download/

Release notes
> https://codex.wordpress.org/Version_4.3.1

List of changes
> https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647
___

- https://www.us-cert.gov/ncas/current-activity/2015/09/15/WordPress-Releases-Security-Update
Sep 15, 2015

Apple: iOS 9, Xcode 7.0, iTunes 12.3, OS X Server v5.0.3 released

FYI...

> https://support.apple.com/en-us/HT201222

iOS 9 released
- https://support.apple.com/en-us/HT205212
Sep 16, 2015 - "... Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
APPLE-SA-2015-09-16-1 iOS 9
- https://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

- http://www.securitytracker.com/id/1033609
CVE Reference: CVE-2015-3801, CVE-2015-5764, CVE-2015-5765, CVE-2015-5767, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5820, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823, CVE-2015-5824, CVE-2015-5825, CVE-2015-5826, CVE-2015-5827, CVE-2015-5829, CVE-2015-5831, CVE-2015-5832, CVE-2015-5834, CVE-2015-5835, CVE-2015-5837, CVE-2015-5838, CVE-2015-5839, CVE-2015-5840, CVE-2015-5841, CVE-2015-5842, CVE-2015-5843, CVE-2015-5844, CVE-2015-5845, CVE-2015-5846, CVE-2015-5847, CVE-2015-5848, CVE-2015-5850, CVE-2015-5851, CVE-2015-5855, CVE-2015-5856, CVE-2015-5857, CVE-2015-5858, CVE-2015-5860, CVE-2015-5861, CVE-2015-5862, CVE-2015-5863, CVE-2015-5867, CVE-2015-5868, CVE-2015-5869, CVE-2015-5874, CVE-2015-5876, CVE-2015-5879, CVE-2015-5880, CVE-2015-5882, CVE-2015-5885, CVE-2015-5892, CVE-2015-5895, CVE-2015-5896, CVE-2015-5898, CVE-2015-5899, CVE-2015-5903, CVE-2015-5904, CVE-2015-5905, CVE-2015-5906, CVE-2015-5907, CVE-2015-5912, CVE-2015-5916, CVE-2015-5921
Sep 18 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, Root access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.0...
Solution: The vendor has issued a fix (9.0)...
___

Xcode 7.0 released
- https://support.apple.com/en-us/HT205217
Sep 16, 2015 - "Available for: OS X Yosemite v10.10.4 or later..."
APPLE-SA-2015-09-16-2 Xcode 7.0
- https://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

- http://www.securitytracker.com/id/1033596
CVE Reference: CVE-2015-5909, CVE-2015-5910
Sep 17 2015
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes...
Solution: The vendor has issued a fix (7.0).
___

iTunes 12.3 released
- https://support.apple.com/en-us/HT205221
Sep 16, 2015 - "Available for: Windows 7 and later..."
APPLE-SA-2015-09-16-3 iTunes 12.3
- https://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
___

OS X Server v5.0.3
- https://support.apple.com/en-us/HT205219
Sep 16, 2015 - "Available for: OS X Yosemite v10.10.5 or later..."
APPLE-SA-2015-09-16-4 OS X Server 5.0.3
- https://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

- http://www.securitytracker.com/id/1033595
CVE Reference: CVE-2015-5911
Sep 17 2015
Impact: Not specified
Fix Available: Yes Vendor Confirmed: Yes...
Solution: The vendor has issued a fix (OS X Server 5.0.3)...
___

- https://www.us-cert.gov/ncas/curren...rity-Updates-OS-X-Server-iTunes-Xcode-and-iOS
Sep 16, 2015
___

iOS 9, thoroughly reviewed
- http://arstechnica.com/apple/2015/09/ios-9-thoroughly-reviewed/
Sep 16, 2015

Apple users face issues upgrading to iOS 9 ...
- http://www.reuters.com/article/2015/09/16/us-apple-watch-ios-idUSKCN0RG2I720150916
Sep 16, 2015 - "Apple Inc customers were facing issues while upgrading to iOS 9, which was released on Wednesday, technology blog 9to5Mac* reported..."

* http://9to5mac.com/2015/09/16/ios-9-update-issues/
Sep 16, 2015 - "... several readers are reporting issues with updating to the new operating system. Developers using the iOS 9 GM seed released last week are also able to update to today’s release over-the-air, although the same error message is impacting those users... Other users are still seeing the previous iOS 8.4.1 version and unable to attempt to update just yet... As with any major release, the best troubleshooting solution is likely being patient and letting Apple’s servers catch up. In the meantime, some but not all users are reporting some success with updating using iTunes."

Apple customers report devices crash on iOS 9 update
- http://www.reuters.com/article/2015/09/18/us-apple-update-ios-idUSKCN0RI05P20150918
Sep 18, 2015 - "A significant number of Apple Inc customers are reporting their mobile devices have crashed after attempting to upload the new iOS 9 operating system, the latest in a line of launch glitches for the tech giant. Twitter and other social media were awash with disgruntled customers reporting two distinct faults, with one appearing to be linked specifically to older models of Apple iPhones and iPads... One group of users reported that iOS 9 upgrade would fail after several minutes, requiring them to start the process over. Many posted screen shots of the error message they received: "Software Update Failed". That problem was likely caused by servers that were overloaded when too many people tried to download the upgrade simultaneously... McKay and Brown said they always advised clients to wait several days before downloading any new upgrades from Apple, Google Inc or Microsoft Corp to make sure any glitches had been found and ironed out..."

:fear::fear:
 
Adblock Plus 1.5 for IE released

FYI...

Adblock Plus 1.5 for IE released
- https://adblockplus.org/releases/adblock-plus-15-for-ie-released
2015-09-22 - "... This release includes improvements for Large scale deployments. Here’s the list of changes since the last release:
Fixed: Some ads weren’t hidden (Issue 2055).
Fixed: Some Yahoo pages weren’t shown correctly in IE8 (Issue 1115).
New, improved icon (Issue 1538).
Fixed icon clipping on high DPI (Issue 176).
Fixed altering positions in IE8 (Issue 711).
Ensured the installer is capable of closing Internet Explorer in all cases (Issue 1686).
Fixed some issues with the enabling/disabling of ad blocking (Issue 1201, Issue 1104).
Support of notifications (Issue 1109).
More small fixes.
A complete list of changes can be found here*..."
* https://issues.adblockplus.org/query?milestone=Adblock-Plus-for-Internet-Explorer-1.5

:fear:
 
iOS 9.0.2, Safari 9, OS X El Capitan v10.11 released

FYI...

> https://support.apple.com/en-us/HT201222

iOS 9.0.2 released
- https://support.apple.com/en-us/HT205284
Sep 30, 2015 - "... Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
APPLE-SA-2015-09-30-01 iOS 9.0.2
- https://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html

- http://www.securitytracker.com/id/1033687
CVE Reference: CVE-2015-5923
Oct 1 2015
Impact: Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.0.2...
Impact: A physically local user can obtain photos and contacts from a locked device.
Solution: The vendor has issued a fix (9.0.2)...
___

Safari 9 released
- https://support.apple.com/en-us/HT205265
"... Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11..."
APPLE-SA-2015-09-30-2 Safari 9
- https://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html
30 Sep 2015

- http://www.securitytracker.com/id/1033688
CVE Reference: CVE-2015-5780, CVE-2015-5828
Oct 1 2015
Impact: Modification of system information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.0...
Impact: A remote user can cause a Safari extension to be silently replaced on the target user's system.
A remote user can return an HTTP redirect to the target connected plug-in without detection by the plugin.
Solution: The vendor has issued a fix (9.0)...
___

OS X El Capitan v10.11 released
- https://support.apple.com/en-us/HT205267
Sep 30, 2015 - "Available for: Mac OS X v10.6.8 and later..."
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
- https://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

- http://www.securitytracker.com/id/1033703
CVE Reference: CVE-2013-3951, CVE-2014-9709, CVE-2015-3330, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3785, CVE-2015-5522, CVE-2015-5523, CVE-2015-5830, CVE-2015-5833, CVE-2015-5836, CVE-2015-5849, CVE-2015-5853, CVE-2015-5854, CVE-2015-5864, CVE-2015-5865, CVE-2015-5866, CVE-2015-5870, CVE-2015-5871, CVE-2015-5872, CVE-2015-5873, CVE-2015-5875, CVE-2015-5877, CVE-2015-5878, CVE-2015-5881, CVE-2015-5883, CVE-2015-5884, CVE-2015-5887, CVE-2015-5888, CVE-2015-5889, CVE-2015-5890, CVE-2015-5891, CVE-2015-5893, CVE-2015-5894, CVE-2015-5897, CVE-2015-5900, CVE-2015-5901, CVE-2015-5902, CVE-2015-5913, CVE-2015-5914, CVE-2015-5915, CVE-2015-5917, CVE-2015-5922
Oct 1 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.11 ...
Solution: The vendor has issued a fix (10.11)....
___

- https://www.us-cert.gov/ncas/curren...curity-Updates-OS-X-El-Capitan-Safari-and-iOS
Sep 30, 2015

:fear::fear::fear:
 
Apple updates - Oct 15, 2015

FYI...

> https://support.apple.com/en-us/HT201222

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
- https://support.apple.com/en-us/HT205373
Oct 15, 2015

Keynote 6.6
- http://www.securitytracker.com/id/1033823
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (6.6).

Pages 5.6
- http://www.securitytracker.com/id/1033821
CVE Reference: CVE-2015-7034
Oct 16 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (5.6).
- http://www.securitytracker.com/id/1033826
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (5.6).

Numbers 3.6
- http://www.securitytracker.com/id/1033825
CVE Reference: CVE-2015-7032, CVE-2015-7033
Oct 16 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Solution: The vendor has issued a fix (3.6).
___

- https://www.us-cert.gov/ncas/curren...es-Security-Updates-Keynote-Pages-and-Numbers
Oct 15, 2015 - "... Available updates include:
Keynote 6.6, Pages 5.6, and Numbers 3.6 for OS X Yosemite v10.10.4 or later
Keynote 6.6, Pages 5.6, and Numbers 3.6 for iOS v8.4 or later ..."

:fear:
 
iOS 9.1, Safari 9.0.1, iTunes 12.3.1, OS X Server 5.0.15, more...

FYI...

> https://support.apple.com/en-us/HT201222

iOS 9.1
- https://support.apple.com/en-us/HT205370
Oct 21, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securitytracker.com/id/1033931
CVE Reference: CVE-2015-7010, CVE-2015-7018
Oct 22 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.1 ...

Safari 9.0.1
- https://support.apple.com/en-us/HT205377
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securitytracker.com/id/1033939
CVE Reference: CVE-2015-5931, CVE-2015-7011, CVE-2015-7013
Oct 22 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.0.1

iTunes 12.3.1
- https://support.apple.com/en-us/HT205372
Oct 21, 2015 - "Available for: Windows 7 and later. Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution..."

Mac EFI Security Update 2015-002
- https://support.apple.com/en-us/HT205317
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5. Impact: An attacker can exercise unused EFI functions..."

OS X Server 5.0.15
- https://support.apple.com/en-us/HT205376
Oct 21, 2015 - "BIND: Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later
Impact: Multiple vulnerabilities in BIND
Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7-P3, one of which may have allowed a remote attacker to cause a denial of service. These issues were addressed by updating BIND to version 9.9.7-P3..."
- http://www.securitytracker.com/id/1033933
CVE Reference: CVE-2015-7031
Oct 22 2015
Impact: Host/resource access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): OS X Server prior to 5.0.15 ...

OS X El Capitan v10.11.1 and Security Update 2015-007
- https://support.apple.com/en-us/HT205375
Oct 21, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11. Impact: Visiting a maliciously crafted website may lead to arbitrary code execution..."
- http://www.securitytracker.com/id/1033929
CVE Reference: CVE-2015-5924, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939, CVE-2015-5940, CVE-2015-5942, CVE-2015-6974, CVE-2015-6975, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6979, CVE-2015-6981, CVE-2015-6982, CVE-2015-6983, CVE-2015-6986, CVE-2015-6988, CVE-2015-6989, CVE-2015-6990, CVE-2015-6991, CVE-2015-6992, CVE-2015-6993, CVE-2015-6994, CVE-2015-6995, CVE-2015-6996, CVE-2015-6997, CVE-2015-6999, CVE-2015-7000, CVE-2015-7002, CVE-2015-7004, CVE-2015-7005, CVE-2015-7006, CVE-2015-7008, CVE-2015-7009, CVE-2015-7012, CVE-2015-7014, CVE-2015-7015, CVE-2015-7017, CVE-2015-7022, CVE-2015-7023
Oct 22 2015
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.9.5, 10.10.5, 10.11 ...

Xcode 7.1
- https://support.apple.com/en-us/HT205379
Oct 21, 2015 - "Available for: OS X Yosemite v10.10.5 or later. Impact: Swift programs performing certain type conversions may receive unexpected values. Description: A type conversion issue existed that could lead to conversions returning unexpected values. This issue was addressed through improved type checking..."
- http://www.securitytracker.com/id/1033930
CVE Reference: CVE-2015-7030
Oct 22 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 7.1R22.1, 7.4, 8.0R11, 8.1R3 ...

watchOS 2.0.1
- https://support.apple.com/en-us/HT205378
Oct 21, 2015 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes. Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment. Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2..."
___

> https://www.us-cert.gov/ncas/current-activity/2015/10/21/Apple-Releases-Multiple-Security-Updates
Oct 21, 2015

:fear::fear::fear:
 
Adblock Plus 2.6.12 for Firefox / 1.9.4 for Chrome, Opera and Safari

FYI...

Adblock Plus 2.6.12 for Firefox released
- https://adblockplus.org/releases/adblock-plus-2612-for-firefox-released
2015-11-24
Changes:
Added $generichide and $genericblock filter options (issue 647, issue 616).
Improved first-run display on small screens, especially on mobile devices (issue 2018).
Fixed: Findbar in Filter Preferences is being triggered when trying to edit filters (issue 3129, issue 3144).
Fixed: Ctrl+F wasn’t working as expected when the findbar was already open (issue 2580).
Fixed: Filter composer’s “Advanced view” button was broken in Firefox nightly builds (issue 3263).
Fixed: Anti-Adblock warning shouldn’t show up when Adblock Plus is disabled (issue 3254).
Fixed: Anti-Adblock warning shouldn’t be triggered by frames (issue 3253).

Adblock Plus 2.6.13 for Firefox released
- https://adblockplus.org/releases/adblock-plus-2613-for-firefox-released
2015-11-25 - "... an upcoming change that will break Adblock Plus in Firefox nightly builds. However, at that point we didn’t know the scope of the issue and didn’t have a simple solution. Turned out, Adblock Plus isn’t merely broken itself but breaks the browser’s user interface as well. Luckily, Nils Maier provided us with a simple work-around for the issue, so we could push out a new release quickly."
___

Adblock Plus 1.9.4 for Chrome, Opera and Safari released
- https://adblockplus.org/releases/adblock-plus-194-for-chrome-opera-and-safari-release
2015-11-24
This update contains the new $generichide and $genericblock filter options and some bug fixes.
Changes:
Fixed: Anti-Adblock warning was being triggered by frames in some cases (issue 3238).
Fixed: Key-based whitelisting was ignored for element collapsing (issue 3170).
Fixed how the “Block element” feature deals with attributes containing null character (issue 3163).
Added support for new $generichide and $genericblock filter options (issue 616, 647).
Improved first-run page display on small screens (issue 2018).

:fear:
 