Alerts

OpenSSL 1.0.1u, 1.0.2i, 1.1.0a released

FYI...

OpenSSL 1.0.1u, 1.0.2i, 1.1.0a released
- https://www.openssl.org/news/secadv/20160922.txt
22 Sep 2016 - "Severity: High ...
OpenSSL 1.1.0 users should upgrade to 1.1.0a
OpenSSL 1.0.2 users should upgrade to 1.0.2i
OpenSSL 1.0.1 users should upgrade to 1.0.1u ..."

- https://www.openssl.org/news/secadv/20160926.txt
26 Sep 2016 - "Severity: Critical
OpenSSL 1.1.0 users should upgrade to 1.1.0b ...
OpenSSL 1.0.2i users should upgrade to 1.0.2j ..."

> https://isc.sans.edu/diary.html?storyid=21509
2016-09-22 - "OpenSSL released an update today for all currently supported versions (1.0.1, 1.0.2, 1.1.0).
The update fixes -14- different vulnerabilities... With this update, the latest versions of OpenSSL for the various branches are 1.0.1u, 1.0.2i and 1.1.0a. All three branches are currently supported..."
(See chart @ the isc URL above.)
___

- http://www.securitytracker.com/id/1036878
CVE Reference: CVE-2016-6304
Sep 22 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 1.0.1, 1.0.2, 1.1.0...
Impact: A remote authenticated user can consume excessive memory resources on the target system.
Solution: The vendor has issued a fix (1.0.1u, 1.0.2i, 1.1.0a)...

- http://www.securitytracker.com/id/1036879
CVE Reference: CVE-2016-6305
Sep 22 2016
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
Version(s): 1.1.0...
Impact: A remote authenticated user can cause the target service to hang.
Solution: The vendor has issued a fix (1.1.0a)...

- http://www.securitytracker.com/id/1036885
CVE Reference: CVE-2016-6302, CVE-2016-6303, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052
Updated: Sep 26 2016
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can cause the target service or application to crash.
Solution: The vendor has issued a fix (1.0.1u, 1.0.2i, 1.1.0a).
[Editor's note: On September 26, 2016, the vendor reported that two of the fixed versions contain vulnerabilities. Version 1.1.0a is affected by a use-after-free memory error (CVE-2016-6309), reported by Robert Swiecki (Google Security Team). Version 1.0.2i is affected by a CRL processing null pointer exception (CVE-2016-7052), reported by Bruce Stephens and Thomas Jakobi. The revised fixes are versions 1.1.0b and 1.0.2j.]
___

- https://www.us-cert.gov/ncas/current-activity/2016/09/23/OpenSSL-Releases-Security-Updates
Last revised: Sep 26, 2016

:fear::fear:
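Added example (not from the forum post and not OpenSSL project code): a branch-aware check of an installed version, or a full `openssl version` banner, against the fixed releases named in the two advisories quoted above. It treats 1.0.2i and 1.1.0a as superseded, since the 26 Sep advisory replaced them with 1.0.2j and 1.1.0b; the function names and the sample banners are my own, the version numbers and CVE labels come from the quoted text.

```python
# Branch-aware OpenSSL version check against the 22/26 Sep 2016 advisories.
import re

# Final fixed release per supported branch. The 26 Sep 2016 advisory replaced
# 1.0.2i with 1.0.2j (CVE-2016-7052) and 1.1.0a with 1.1.0b (CVE-2016-6309).
MINIMUM_SAFE = {
    "1.0.1": "1.0.1u",
    "1.0.2": "1.0.2j",
    "1.1.0": "1.1.0b",
}

# First-round fixes from 22 Sep that were themselves found to carry a new bug.
SUPERSEDED = {
    "1.0.2i": "CVE-2016-7052 (CRL processing NULL pointer), fixed in 1.0.2j",
    "1.1.0a": "CVE-2016-6309 (use-after-free), fixed in 1.1.0b",
}

# Pre-3.0 scheme: MAJOR.MINOR.FIX plus an optional letter patch level, ordered
# '' < 'a' < ... < 'z' < 'za' < 'zb' (the 0.9.8 series reached 0.9.8zh).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_openssl_version(text):
    """Return a sortable tuple for the first version string found in `text`.

    Accepts a bare version ('1.0.2i') or a full `openssl version` banner such
    as 'OpenSSL 1.0.2g  1 Mar 2016'. Raises ValueError if none is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version string in {text!r}")
    major, minor, fix, letters = m.groups()
    # Sorting on suffix length before the letters themselves makes 'z' < 'za'.
    return (int(major), int(minor), int(fix), len(letters), letters)


def format_version(v):
    return f"{v[0]}.{v[1]}.{v[2]}{v[4]}"


def branch_of(v):
    """Branch key as the advisories use it, e.g. '1.0.2' for 1.0.2i."""
    return f"{v[0]}.{v[1]}.{v[2]}"


def assess(text):
    """Classify an installed version. `status` is one of:
      'vulnerable' - older than the branch's final fixed release
      'superseded' - 1.0.2i or 1.1.0a: fixed the 22 Sep issues, carries the 26 Sep bug
      'patched'    - at or above the branch's final fixed release
      'uncovered'  - a branch these two advisories do not address
    """
    v = parse_openssl_version(text)
    installed = format_version(v)
    branch = branch_of(v)
    if branch not in MINIMUM_SAFE:
        return {"installed": installed, "branch": branch, "status": "uncovered",
                "detail": "branch not covered by the 2016-09-22/26 advisories"}
    if installed in SUPERSEDED:
        return {"installed": installed, "branch": branch, "status": "superseded",
                "detail": SUPERSEDED[installed]}
    required = MINIMUM_SAFE[branch]
    if v < parse_openssl_version(required):
        return {"installed": installed, "branch": branch, "status": "vulnerable",
                "detail": f"upgrade to {required}"}
    return {"installed": installed, "branch": branch, "status": "patched",
            "detail": f"at or above {required}"}


if __name__ == "__main__":
    # Constructed sample banners in the shape `openssl version` prints them.
    for banner in ("OpenSSL 1.0.2g  1 Mar 2016", "OpenSSL 1.0.2i  22 Sep 2016",
                   "OpenSSL 1.1.0b  26 Sep 2016", "OpenSSL 1.0.1t  3 May 2016"):
        r = assess(banner)
        print(f"{r['installed']:<10} {r['status']:<11} {r['detail']}")
```

Feed it the output of `openssl version` on each host; anything other than `patched` is a host to schedule, and `superseded` hosts are the ones that were updated between the two advisories and need a second pass.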
 
Thunderbird 45.4.0 released

FYI...

Thunderbird 45.4.0 released
- https://www.mozilla.org/en-US/thunderbird/45.4.0/releasenotes/
Oct 3, 2016
What’s New:
Fixed:
- Display name was truncated if no separating space before email address.
- Recipient addresses were shown in red despite being inserted from the address book in some circumstances.
- Additional spaces were inserted when drafts were edited.
- Mail saved as template copied In-Reply-To and References from original email.
- Threading broken when editing message draft, due to loss of Message-ID
- "Apply columns to..." did not honor special folders

... 12 bugs fixed.

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla.org/en-US/thunderbird/releases/

Download
- https://www.mozilla.org/en-US/thunderbird/all/

Add-ons
- https://addons.mozilla.org/en-US/thunderbird/

:fear:
 
Apple security updates - 2016.10.24

FYI...

- https://support.apple.com/en-us/HT201222

iOS 10.1
- https://support.apple.com/en-us/HT207271
Oct 24, 2016 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."
- http://www.securitytracker.com/id/1037088
CVE Reference: CVE-2016-4664, CVE-2016-4665, CVE-2016-4680, CVE-2016-4686
Oct 25 2016
Fix Available: Yes Vendor Confirmed: Yes
Impact: An application user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10.1)...

Safari 10.0.1
- https://support.apple.com/en-us/HT207272
Oct 24, 2016 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12..."
- http://www.securitytracker.com/id/1037087
CVE Reference: CVE-2016-4666, CVE-2016-4676, CVE-2016-4677
Oct 25 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.0.1...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10.0.1)...

macOS Sierra 10.12.1
- https://support.apple.com/en-us/HT207275
Oct 24, 2016 - "Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6..."
- http://www.securitytracker.com/id/1037086
CVE Reference: CVE-2016-4635, CVE-2016-4660, CVE-2016-4661, CVE-2016-4662, CVE-2016-4663, CVE-2016-4667, CVE-2016-4669, CVE-2016-4671, CVE-2016-4673, CVE-2016-4674, CVE-2016-4675, CVE-2016-4678, CVE-2016-4679, CVE-2016-4682, CVE-2016-7579
Oct 25 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.12.1 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can cause denial of service conditions on the target system.
A remote user can modify files on the target system.
A local user can obtain root privileges on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10.12.1)...

tvOS 10.0.1
- https://support.apple.com/en-us/HT207270
Oct 24, 2016 - "Available for: Apple TV (4th generation)..."

watchOS 3.1
- https://support.apple.com/en-us/HT207269
Oct 24, 2016 - "Available for: All Apple Watch models..."

:fear:
 
Adblock Plus 2.8 for Firefox

FYI...

Adblock Plus 2.8 for Firefox released
- https://adblockplus.org/releases/adblock-plus-28-for-firefox-released
2016-10-25
Install Adblock Plus 2.8 for Firefox

This release changes the way element hiding works in Firefox, so that noticeable delays from changing a single element hiding rule should be no more. Also, the behavior should be more consistent now and filters not applying on a particular website should no longer be able to cause unexpected side-effects. On the downside, changes to element hiding rules will only apply after a page is reloaded now (which is actually consistent with blocking rules).
Additional changes:
- There is a special $websocket type option now to block WebSocket requests, the type was previously considered to be other here (announcement*).
* https://adblockplus.org/development-builds/new-filter-type-option-for-websockets
- Our toolbar icon will look better on high-resolution screens (issue 4142).
- Removed feature selection from the first-run page until the features can be removed similarly easily (issue 4294).
- Hits for CSS property filters which were introduced in the previous release are being counted now (issue 3969).
- Fixed: CSS property filters applied even when Adblock Plus was disabled everywhere (issue 4201).
- Fixed: A regression in pop-up blocking functionality caused websites to be mistakenly considered pop-ups under some circumstances (issue 4335).
- Corrected handling of frames with srcdoc attribute.
- Fixed and improved search functionality in Filter Preferences, was partially broken in Firefox nightly builds (issue 4510)...

:fear:
 
Adblock Plus 2.8.1 for Firefox released

FYI...

Adblock Plus 2.8.1 for Firefox released
- https://adblockplus.org/releases/adblock-plus-281-for-firefox-released
2016-10-28 - "Our Adblock Plus 2.8 release introduced a -regression- that went unnoticed for months in the development builds. Users who activated the please_kill_startup_performance preference were experiencing data loss: filters didn’t load completely. Also, importing custom filters was failing for large files. Both issues have the same root cause (issue 4576) and have been resolved in Adblock Plus 2.8.1. If your data is still incomplete after updating to Adblock Plus 2.8.1 please click the “Backup and Restore” button in Filter Preferences — one of the automatically created backups is certain to be correct."


:fear::fear::fear:
 
Apple updates - 2016.10.27-31

FYI...

- https://support.apple.com/en-us/HT201222

iOS 10.1.1
- https://support.apple.com/en-us/HT207287
Oct 31, 2016 - "iOS 10.1.1 includes the security content of iOS 10.1*."

iOS 10.1
* https://support.apple.com/en-us/HT207271
Oct 24, 2016

> http://www.macrumors.com/2016/10/31/apple-releases-ios-10-1-1/
Oct 31, 2016 - "...Today's update fixes bugs including an issue where Health data could not be viewed for some users. iOS 10.1.1 can be downloaded as a free over-the-air update on all iPhone, iPad, and iPod touch models compatible with iOS 10...
Update: Apple has subsequently stopped signing iOS 10.0.2 and iOS 10.0.3, meaning that users can no longer downgrade to those software versions."

- http://appleinsider.com/articles/16...-1011-with-fix-for-viewing-data-in-health-app
Oct 31, 2016
___

iTunes 12.5.2 for Windows
- https://support.apple.com/en-us/HT207274
Oct 27, 2016 - "Available for: Windows 7 and later..."
- http://www.securitytracker.com/id/1037139
CVE Reference: CVE-2016-4613, CVE-2016-7578
Oct 28 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 12.5.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (12.5.2; for Windows)...
___

iCloud for Windows 6.0.1
- https://support.apple.com/en-us/HT207273
Oct 27, 2016 - "Available for: Windows 7 and later..."
___

Xcode 8.1
- https://support.apple.com/en-us/HT207268
Oct 27, 2016 - "Available for: OS X El Capitan v10.11.5 and later..."

:fear::fear::fear:
 
Thunderbird 45.5.0 released

FYI...

Thunderbird 45.5.0 released
- https://www.mozilla.org/en-US/thunderbird/45.5.0/releasenotes/
Nov 18, 2016
What’s New:
Changed: IMPORTANT: Changed recipient address entry: Arrow-keys now copy the pop-up value to the input field. Mouse-hovered pop-up value can no longer be confirmed with tab or enter key. This restores the behavior of Thunderbird 24.
Changed: Support changes to character limit in Twitter
Fixed:
- Reply with selected text containing quote resulted in wrong quoting level indication
- Mail address display at header pane displayed incorrectly if the address contains UTF-8 according to RFC 6532
- Attempting to sort messages on the Date field whilst a quick filter is applied got stuck on sort descending
- Email invitation might not be displayed when description contains non-ASCII characters

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla.org/en-US/thunderbird/releases/

Download
- https://www.mozilla.org/en-US/thunderbird/all/

Add-ons
- https://addons.mozilla.org/en-US/thunderbird/

:fear:
 
Adblock Plus 2.8.2 for Firefox released

FYI...

Adblock Plus 2.8.2 for Firefox released
- https://adblockplus.org/releases/adblock-plus-282-for-firefox-released
2016-11-22
Install Adblock Plus 2.8.2 for Firefox
... This is a maintenance release, most importantly introducing some improvements to CSS property filters.
Additional changes:
- Made sure that element hiding rules don’t affect browser’s and extensions’ special pages, this regressed with Adblock Plus 2.8 (issue 4624, issue 4625).
- Fixed blockable items list slowing down page loading (issue 4587).
- Pop-ups using data: URLs and similar unusual schemes can be blocked now (issue 4368).
- When selecting keyboard shortcuts, more shortcut keys already in use by the browser can be recognized. This will change the shortcut key to show Blockable items list from Ctrl/Cmd-Shift-V to Ctrl/Cmd-Shift-U for pretty much everybody (issue 4544).

:fear::fear:
 
Network Time Protocol update

FYI...

Network Time Protocol update
- https://www.us-cert.gov/ncas/curren...-Identified-Network-Time-Protocol-Daemon-ntpd
Nov 21, 2016 - "The Network Time Foundation's NTP Project has released version ntp-4.2.8p9 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review Vulnerability Note VU#633847* and the NTP Security Notice Page** for vulnerability and mitigation details."
* http://www.kb.cert.org/vuls/id/633847

** http://nwtime.org/ntp428p9_release/
___

- http://www.securitytracker.com/id/1037354
CVE Reference: CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312
Nov 29 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 4.2.8p9 ...
Impact: A remote user can cause the target service to crash.
A remote user can obtain potentially sensitive information from the target system.
A remote user can conduct denial of service amplification attacks against other targets.
Solution: The vendor has issued a fix (4.2.8p9)...
Vendor URL: http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se

:fear::fear:
 
Thunderbird 45.5.1 released

FYI...

Thunderbird 45.5.1 released
- https://www.mozilla.org/en-US/thunderbird/45.5.1/releasenotes/
Nov 30, 2016

- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.5.1

- https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
Fixed in:
Thunderbird 45.5.1
CVE-2016-9079: Use-after-free in SVG Animation
Critical

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

- https://www.mozilla.org/en-US/thunderbird/releases/

Download
- https://www.mozilla.org/en-US/thunderbird/all/

Add-ons
- https://addons.mozilla.org/en-US/thunderbird/
___

- http://www.securitytracker.com/id/1037371
CVE Reference: CVE-2016-9079
Dec 1 2016
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
Version(s): prior to 45.5.1
Impact: A remote user can create JavaScript content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: Mozilla.org has issued a fix for Mozilla Thunderbird (45.5.1)...
___

- https://www.us-cert.gov/ncas/current-activity/2016/11/30/Mozilla-Releases-Security-Updates
Nov 30, 2016

:fear::fear:
 
Apple updates - 12.12.2016

FYI...

- https://support.apple.com/en-us/HT201222

iOS 10.2 released
- https://support.apple.com/en-us/HT207422
Dec 12, 2016 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."

- http://appleinsider.com/articles/16...-102-with-new-tv-app-plus-new-refreshed-emoji
Dec 12, 2016

- http://www.securitytracker.com/id/1037429
CVE Reference: CVE-2016-4689, CVE-2016-4690, CVE-2016-4781, CVE-2016-7597, CVE-2016-7601, CVE-2016-7626, CVE-2016-7634, CVE-2016-7638, CVE-2016-7651, CVE-2016-7653, CVE-2016-7664, CVE-2016-7665
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can obtain passwords on the target system.
A remote or local user can bypass security controls on the target system.
Solution: The vendor has issued a fix (10.2)...
___

tvOS 10.1
- https://support.apple.com/en-us/HT207425
Dec 12, 2016

watchOS 3.1.1
- https://support.apple.com/en-us/HT207426
Dec 12, 2016
___

- https://www.us-cert.gov/ncas/current-activity/2016/12/12/Apple-Releases-Security-Updates
Dec 12, 2016

:fear:
 
Apple updates - 2016.12.13

FYI...

- https://support.apple.com/en-us/HT201222

Safari 10.0.2
- https://support.apple.com/en-us/HT207421
Dec 13, 2016 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.2..."
- http://www.securitytracker.com/id/1037459
CVE Reference: CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7650, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.0.2
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10.0.2)...

iCloud for Windows 6.1
- https://support.apple.com/en-us/HT207424
Dec 13, 2016 - "Available for: Windows 7 and later..."

iTunes 12.5.4 for Windows
- https://support.apple.com/en-us/HT207427
Dec 13, 2016 - "Available for: Windows 7 and later..."

macOS Sierra 10.12.2
- https://support.apple.com/en-us/HT207423
Dec 13, 2016 - "Available for: macOS Sierra 10.12.1..."
- http://www.securitytracker.com/id/1037469
CVE Reference: CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604, CVE-2016-7605, CVE-2016-7606, CVE-2016-7607, CVE-2016-7608, CVE-2016-7609, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7617, CVE-2016-7618, CVE-2016-7619, CVE-2016-7620, CVE-2016-7621, CVE-2016-7622, CVE-2016-7624, CVE-2016-7625, CVE-2016-7627, CVE-2016-7628, CVE-2016-7629, CVE-2016-7633, CVE-2016-7636, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7655, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663
Dec 14 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to

Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can cause denial of service conditions on the target system.
A remote or local user can obtain potentially sensitive information on the target system.
A local user can obtain elevated privileges on the target system.
A local user can modify data and files on the target system.
Solution: The vendor has issued a fix (10.12.2)...

Transporter 1.9.2
- https://support.apple.com/en-us/HT207432
Dec 5, 2016 - "Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit), Windows 7 and later (32 bit), and Red Hat Enterprise Linux (64 bit)..."
___

- https://www.us-cert.gov/ncas/current-activity/2016/12/14/Apple-Releases-Security-Updates
Dec 14, 2016

:fear::fear::fear:
 
Thunderbird 45.6 released

FYI...

Thunderbird 45.6 released
- https://www.mozilla.org/en-US/thunderbird/45.6.0/releasenotes/
Dec 28, 2016
Fixed: The system integration dialog was shown every time when starting Thunderbird
Fixed: Various security fixes...
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.6

> https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
Critical
Fixed in: Thunderbird 45.6 ...
CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla.org/en-US/thunderbird/all/
v45.6
___

- https://www.us-cert.gov/ncas/current-activity/2016/12/28/Mozilla-Releases-Security-Update
Dec 28, 2016

:fear::fear:
 
Adblock Plus v1.6 for IE ...

FYI...

Adblock Plus 1.6 for Internet Explorer released
- https://adblockplus.org/releases/adblock-plus-16-for-internet-explorer-released
2017-01-03 - "... Adblock Plus 1.6 for Internet Explorer. This update brings a bunch of features... we are switching to CSS injection for element hiding, instead of a custom DOM traverser. This change was implemented for a more powerful element hiding. The new way of element hiding through CSS injection will work only on IE10+. But since we support IE8+ we have also made improvements to the traverser itself and fixed other bugs, which should make the general ad blocking experience more robust. We have also resolved a case where ABP for Internet Explorer would crash, so a more stable experience is also to be expected. You can see the full list of changes included in the release here*."
* https://issues.adblockplus.org/query?group=status&milestone=Adblock-Plus-for-Internet-Explorer-1.6
___

Note: The update -asked- for "System restart" to complete the install (Win7 system)...

:blink: :fear:
 
WordPress 4.7.1 released

FYI...

WordPress 4.7.1 released
- https://wordpress.org/download/
Jan 11, 2017 - "The latest stable release of WordPress (Version 4.7.1) is available..."

- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Jan 11, 2017 - "... This is a security release for all previous versions and we strongly encourage you to update your sites immediately... eight security issues... In addition to the security issues... WordPress 4.7.1 fixes 62 bugs from 4.7..."

- https://codex.wordpress.org/Version_4.7.1
11 Jan, 2017

- https://wordpress.org/about/requirements/

- https://wordpress.org/download/release-archive/
___

- http://www.securitytracker.com/id/1037591
Jan 13 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.7 and prior versions...
Impact: A remote user can take actions on the target system acting as the target authenticated user.
A remote user can obtain potentially sensitive information on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.7.1)...

:fear:
 
Apple updates - 2017.01.18

FYI...

- https://support.apple.com/en-us/HT201222

GarageBand 10.1.5
- https://support.apple.com/en-us/HT207477
Jan 18, 2017 - "Available for: OS X Yosemite v10.10 and later..."

- http://www.securitytracker.com/id/1037627
CVE Reference: CVE-2017-2372
Jan 18 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (10.1.5)...
___

Logic Pro X 10.3
- https://support.apple.com/en-us/HT207476
Jan 18, 2017 - "Available for: OS X Yosemite v10.10 and later (64 bit)..."
___

- http://arstechnica.com/security/201...-may-have-circulated-in-the-wild-for-2-years/
Jan 18, 2017
- https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
Jan 18, 2017

:fear::fear:
 
Apple advisories - 2017.01.23

FYI...

- https://support.apple.com/en-us/HT201222

iOS 10.2.1 released
- https://support.apple.com/en-us/HT207482
Jan 23, 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."

- http://www.securitytracker.com/id/1037668
CVE Reference: CVE-2016-8687, CVE-2017-2350, CVE-2017-2351, CVE-2017-2352, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2360, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2368, CVE-2017-2369, CVE-2017-2370, CVE-2017-2371, CVE-2017-2373
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can bypass security controls on the target system.
A remote user can gain elevated privileges on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10.2.1)...
___

iTunes 12.5.5 for Windows
- https://support.apple.com/en-us/HT207486
Jan 23, 2017 - "Available for: Windows 7 and later..."
___

Safari 10.0.3 released
- https://support.apple.com/en-us/HT207484
Jan 23, 2017 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3..."

- http://www.securitytracker.com/id/1037669
CVE Reference: CVE-2017-2359
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can spoof a URL.
Solution: The vendor has issued a fix (10.0.3)...
___

iCloud for Windows 6.1.1 released
- https://support.apple.com/en-us/HT207481
Jan 23, 2017 - "Available for: Windows 7 and later..."
___

macOS Sierra 10.12.3 released
- https://support.apple.com/en-us/HT207483
Jan 23, 2017 - "Available for: macOS Sierra 10.12.2..."

- http://www.securitytracker.com/id/1037671
CVE Reference: CVE-2017-2353, CVE-2017-2357, CVE-2017-2358, CVE-2017-2361
Jan 23 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: An application can gain elevated privileges on the target system.
An application can determine kernel memory layout.
A remote user can execute arbitrary scripting code on the target user's system.
Solution: The vendor has issued a fix (10.12.3)...
___

tvOS 10.1.1
- https://support.apple.com/en-us/HT207485
Jan 23, 2017 - "Available for: Apple TV (4th generation)..."
___

watchOS 3.1.3
- https://support.apple.com/en-us/HT207487
Jan 23, 2017 - "Available for: All Apple Watch models..."
___

- https://www.us-cert.gov/ncas/current-activity/2017/01/23/Apple-Releases-Security-Updates
Jan 23, 2017

:fear::fear:
 
Thunderbird 45.7 released

FYI...

Thunderbird 45.7 released
- https://www.mozilla.org/en-US/thunderbird/45.7.0/releasenotes/
Jan 26, 2017

- https://www.mozilla.org/en-US/thunderbird/releases/

Fixed in Thunderbird 45.7
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.7

Security vulnerabilities fixed in Thunderbird 45.7
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/
Jan 26, 2017
Critical
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla.org/en-US/thunderbird/all/
v45.7
___

- https://www.us-cert.gov/ncas/current-activity/2017/01/26/Mozilla-Releases-Security-Update
Jan 26, 2017

:fear::fear:
 
WordPress 4.7.2 released

FYI...

WordPress 4.7.2 released
- https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
Jan 26, 2017 - "WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately..."

- https://wordpress.org/download/
"The latest stable release of WordPress (Version 4.7.2) is available..."

- https://codex.wordpress.org/Version_4.7.2

- https://wordpress.org/download/release-archive/

- https://wordpress.org/news/category/security/

- https://wordpress.org/about/requirements/
___

- http://www.securitytracker.com/id/1037731
CVE Reference: CVE-2017-5610, CVE-2017-5611, CVE-2017-5612
Updated: Jan 30 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.7.1 and prior ...
Impact: A remote user can obtain potentially sensitive information on the target system.
A remote user can execute SQL commands on the underlying database.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.7.2)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/01/26/WordPress-Releases-Security-Update
Last revised: Feb 01, 2017 - "... On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2."

:fear::fear:
 