Windows users: uninstall QuickTime now

QuickTime is Apple’s media player software. It was originally developed for Mac only, but eventually Apple produced a Windows version. It’s often installed on Windows systems as it’s almost the only way to play Apple’s proprietary QuickTime media.

The current version of QuickTime for Windows has at least two security vulnerabilities. Rather than fix those issues, Apple has decided to stop developing the Windows version. In other words, if QuickTime is installed on your computer, it is – and will always be – vulnerable.

This leaves Windows users little choice but to remove QuickTime completely, and that’s what we’re recommending.

Ars Technica has additional details.
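
To check whether QuickTime is still registered on a Windows machine before and after removal, the following PowerShell is an added example (not part of the original post). It reads the standard Windows uninstall registry keys; the assumption is that the installer's display name contains "QuickTime", and `Find-QuickTimeInstall` is a name made up for this example.

```powershell
# Added example: list QuickTime entries registered under the standard
# Windows uninstall keys (machine-wide 64-bit, machine-wide 32-bit, per-user).
function Find-QuickTimeInstall {
    param(
        # Assumption: the installer's DisplayName contains "QuickTime".
        [string]$NamePattern = '*QuickTime*'
    )

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    foreach ($key in $uninstallKeys) {
        # Some subkeys have no DisplayName value; skip those explicitly.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                $_.PSObject.Properties['DisplayName'] -and
                $_.DisplayName -like $NamePattern
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Version         = $_.DisplayVersion
                    Publisher       = $_.Publisher
                    UninstallString = $_.UninstallString
                    RegistryKey     = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                }
            }
    }
}

# Report what was found; an empty result means no registered install.
$found = @(Find-QuickTimeInstall)
if ($found.Count -eq 0) {
    'No QuickTime entry found in the uninstall registry keys.'
} else {
    $found | Format-List
}
```

Running it again after uninstalling confirms that no entry remains under any of the three keys.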

Chrome 50 released

According to the full change log, 8748 changes were made to Chrome for version 50.0.2661.75. At least twenty of those changes are related to security, so this is an important update.

With this many changes, it seems reasonable to expect that one or two of them might be worth pointing out, but the release notes only say that there are a number of fixes and improvements, and to “Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 50.”

Rather than spend several days reading the details of all 8748 changes, I’ll wait for further announcements from Google. If I discover anything interesting, I’ll add it here.

Windows 10 Insider Preview Build 14316

Last week Microsoft pushed out another preview build for Windows 10: build 14316.

For me, the most interesting aspect of build 14316 is the ability to use Linux commands from the Windows 10 command line. Getting this to actually work involves a few additional steps, including installation of Visual Studio, Microsoft’s main development platform. Sadly (for me, anyway), this essentially requires at least 4 GB of RAM, and my test PC has only 2 GB.

Build 14316 also sports improvements to Cortana, more new extensions for Edge, and better control of alerts in the Action Center. You can now switch between dark and light visual modes globally. Virtual Desktops have been enhanced with multi-desktop pinnable windows. Battery settings were improved. The Feedback Hub now allows user comments.

The BSOD (Blue Screen Of Death) screen that appears when Windows crashes has been improved with QR codes. This is a neat idea, because it means you no longer have to write down the error details. Just scan the code with your smartphone to find out what the error means.

A new setting in Windows Update allows you to specify a window of time during which the computer should not be restarted automatically. Unfortunately, the window can be ten hours long at the most.

With this build, Microsoft changed the status messages that appear on your screen during installation. These messages now look more like the ones you see when installing Windows updates. This change may be partly due to the unintentionally humorous nature of the original messages. My favourite was “All your files are exactly where you left them”, which was presumably meant to be reassuring, particularly as upgrades in previous Windows versions would sometimes blow away user data.

Patch Tuesday for April 2016

Microsoft offers up thirteen updates this month, addressing thirty security issues in the usual culprits: Windows, Internet Explorer, Edge, .NET, and Office. Six of the updates are flagged as Critical.

The folks at SANS now provide useful summaries of Microsoft patch days, showing which vulnerabilities are addressed in each update, with multiple risk assessments.

Flash 21.0.0.213 fixes 24 security issues

Earlier this week Adobe issued a security alert about a Flash vulnerability that was (and still is) being actively exploited on the web. As expected, that vulnerability has been fixed in a new version of Flash. In all, twenty-four security vulnerabilities are addressed in Flash 21.0.0.213.

If you use a web browser with Flash enabled, you should install the new version as soon as possible. You can find out whether Flash is enabled in your browser by visiting Check-And-Secure.

As usual, Chrome will update itself with the new Flash, and Internet Explorer and Edge running on newer versions of Windows will get the new Flash via Windows Update.

New Flash vulnerability discovered

According to a security bulletin published yesterday by Adobe, all versions of Flash older than 21.0.0.182 running on Windows are vulnerable. The specific vulnerability involved — designated CVE-2016-1019 — is flagged as Critical, and could allow an attacker to crash or take control of targeted Windows systems.

Adobe says that Flash 21.0.0.182 contains a mitigation that protects it from this vulnerability, so if you use Flash, and you’re not already running 21.0.0.182 or newer, you should install it ASAP.

Adobe is working on a more comprehensive fix for this vulnerability and plans to release another new version of Flash in the next day or so.

Malicious Firefox add-ons can co-opt other, vulnerable add-ons

Security researchers recently discovered that Firefox add-ons can use functions and data from other add-ons. This allows malicious persons to create seemingly innocuous add-ons that look for and use vulnerable versions of popular add-ons like NoScript and Firebug.

For this type of exploit to work, a user would need to a) leave a vulnerable add-on unpatched; and b) install the malicious add-on. This gives us yet another reason to make sure that Firefox add-ons are kept up to date. Thankfully, the extremely useful NoScript add-on receives updates automatically, and frequently.

This also serves as a reminder to be careful when installing any add-on, no matter how innocuous it seems.

Mozilla is currently revamping the add-on framework in Firefox. The new system will improve security, preventing add-ons from accessing each other’s functions and data.