Oracle/Sun has announced that additional security-related updates for Java will be made available on February 19. The emergency updates released on February 1 were originally scheduled to be released with the upcoming updates on February 19. Stay tuned.
New version of Chrome
Version 24.0.1312.70 of Google’s web browser contains the latest version of Adobe Flash.
Update: Something funny going on here. The announcement linked above states that version 24.0.1312.70 is actually for the Linux platform. It goes on to say: “This release contains an update to Flash (11.6.602.167). This Flash update has been pushed to Windows, Mac, and Chrome Frame platforms through component updater.” But what is the ‘component updater’, and how will it affect the version number of Chrome in Windows? There’s nothing on the Chrome support site about it. My own Chrome installation reports itself as being up to date at version 24.0.1312.57. Has Flash been updated in my installation or not? How can I determine what version of Flash is running in Chrome? Comments below the announcement linked above show other users similarly confused.
Meanwhile, another new version was announced on Feb 14: “The Stable channel has been updated to 24.0.1312.71 for Windows Standalone Enterprise. This build contains an updated Flash (11.6.602.167).” That version at least seems to be targeted at Windows, but what is “Windows Standalone Enterprise”? It contains the same version of Flash as 24.0.1312.70, but again my version of Chrome reports that it is up to date at 24.0.1312.57.
Not much we can do at this point except wait for Google to sort out this mess.
New versions of Adobe Flash
Yesterday Adobe announced version 11.6 of the Flash player. All platforms are affected.
Version 11.6 includes several security fixes, as well as some new features.
The technical details are available in the release notes and in the related security bulletin from Adobe: APSB13-05.
Anyone using Flash (e.g. YouTube) should install the new version as soon as possible.
Patch Tuesday for February 2013
It’s that time again: time to patch your Windows systems. This month there are twelve bulletins, addressing a total of 57 vulnerabilities in Windows, Internet Explorer and other Microsoft software.
The Microsoft Security Response Center’s post has all the technical details.
Here are the individual bulletins:
Advance notification for February 2013 Patch Tuesday
This month’s Patch Tuesday is on February 12. Patches should become available starting about 10am PST.
Updates this month comprise twelve bulletins, five of them critical, that address 57 vulnerabilities in Windows, Internet Explorer and other Microsoft software.
The associated security bulletin has all the technical details.
Flash player update fixes serious security issues
Yesterday, Adobe announced an update for Flash that fixes specific security issues that are currently being exploited on the web.
Anyone who uses Flash should install the update as soon as possible.
The new version for Windows XP, Vista and 7 is 11.5.502.149. The new version for Windows 8 (available as an update from Microsoft) is 11.3.379.14.
Firefox 18.0.2
The latest version of Firefox apparently fixes some JavaScript stability issues.
On a related note: is it just me, or are the release notes for Firefox kind of messed up? Looking at the page for the latest release, I notice the following:
- The version being discussed doesn’t appear anywhere at the top of the page, in any headings, or in the page title.
- The first reference to the version is in the list of issues fixed in the What’s New section, but issues fixed in previous versions appear as well.
- What does appear in the page headings is “Notes (First offered to release channel users on February 5, 2013)”. Apparently this is telling us that the version being discussed was released on that date. But again, it’s not clear what version we’re talking about, unless you look at the page’s URL, which includes “18.0.2”.
- The link to a complete list of changes takes us to a page that lists changes going back several months, in previous versions. It’s a massive list, again with no version information, despite being on a page with a specific version in the URL.
- Comparing the complete list of changes for version 18.0.2 with the list for version 18.0.1 shows that they are in fact identical. You have to go back to version 17.x to find a different list.
Confusing. To make matters worse, among all the Mozilla blogs, press releases and other related Firefox information on the Mozilla site, I’ve so far been unable to find a mailing list, feed or any other resource that simply announces new Firefox versions. I have to find out about new versions from SANS.
Opera version 12.14 fixes crashing issue
A new version of Opera was released on Monday. The only change is a fix for a crashing problem introduced in version 12.13.
Massive Java security update
Oracle/Sun has released update 13 for Java 7 (Java 7u13).
The update was originally scheduled for release on February 19, but given all the recent security issues, Oracle decided to get the latest patch out there as soon as possible.
The update includes fifty bug and security fixes. The issues addressed are listed on the associated Critical Patch Update Advisory. Oddly, the update version (7u13) is never mentioned once on that lengthy page.
Recommendations:
- If you use Java, update it ASAP.
- Don’t depend on the Java auto-updater to update Java: do it manually.
- Don’t assume Java is now safe. Until security researchers like Adam Gowdiak give Java 7u13 a thumbs-up, assume it’s still vulnerable.
- Disable Java plugins in your web browser unless you have no choice.
- Continue to be extremely careful when browsing the web.
Opera 12.13 released
Version 12.13 of the Opera web browser includes several bug and security fixes. The official release notes have all the details.