I don’t usually post about Apple software, but the QuickTime Player is installed on many Windows computers, so it falls into a kind of grey area.
Apple recently released an update for QuickTime to address at least nine vulnerabilities it exposes on Windows 7 and Vista computers. Anyone who uses QuickTime on Windows 7 or Vista should install the new version of QuickTime as soon as possible.
I no longer have QuickTime installed on my main computer. Downloaded QuickTime media files play in a combination of VLC and Windows Media Player. There’s no QuickTime player plugin in my my main web browser, either, but I don’t really mind not being able to see QuickTime media embedded in web pages. If I really need to see that content, I can always download it.
If you’re not sure whether you have QuickTime installed, or want to find out how QuickTime media is played on your computer, you can try playing these QuickTime sample media files.
The latest version of Google’s web browser is 44.0.2403.157. The announcement is again light on details, but the change log shows that this version fixes a few minor bugs, some related to Windows 10. It doesn’t look like there are any fixes for security vulnerabilities.
There’s a new version of Adobe’s Shockwave Player. It’s not clear when the new version appeared, since there was no official announcement. There’s nothing at all on the release notes page, other than the fact that the most recent version of Shockwave is 12.1.9.160.
You can download the new version from the main Shockwave page, which also shows the most recent version as 12.1.9.160. You can check what version of Shockwave is installed (if any) on your computer at the Shockwave Help page.
The latest offering of Java from Oracle is version 8, update 60. This new version adds some uninteresting functionality and fixes a few bugs. Some of the fixes are related to security, but none appear to address critical vulnerabilities, so there doesn’t seem to be any urgency about updating. See the release notes for additional details.
Earlier today, Microsoft issued a special update (MS15-093) to address a critical vulnerability in all versions of Internet Explorer. The new Edge browser is not affected.
Normally, security updates for IE are provided on monthly Patch Tuesdays. Since Microsoft is making this update available outside the regular update cycle, we can assume that exploits for the vulnerability have been observed in the wild.
The vulnerability is a bad one. Merely visiting a specially-crafted web page with Internet Explorer can cause malicious code to execute, leading to the possibility of an attacker installing just about any kind of software or accessing any information on the affected Windows computer.
If you use Internet Explorer, please use Windows Update to install this patch as soon as possible.
There are big improvements to password handling in the newest version of WordPress:
You start out with a strong password by default and you are given the option to keep it or choose your own. A password strength meter is available as well as the option to hide your password from prying eyes. WordPress will no longer send passwords via email and the password reset links will expire in 24 hours. E-mail notifications will be sent out in the event that an e-mail or password is changed.
The release notes for WordPress 4.3 list other changes. There are no security vulnerability fixes in this version, so updating is not urgent, but the password-related changes alone are worth the trouble.
Version 40.0.1 appeared briefly on the Firefox download page yesterday, but it was removed almost immediately. Then 40.0.2 appeared, and it seems to be staying put. The release notes reveal that the new version fixes a few minor bugs, but none of those bugs seem to be related to security. There was, as usual, no proper announcement for this version.
Chrome updates now happen so frequently, and they so rarely cause problems, that I no longer have any qualms about the browser’s auto-update mechanism. Of course, if a Chrome update makes the browser unusable, I can use another browser for however long it takes Google to fix it, which would not be the case for a bad Windows update.
The release announcement for Chrome 44.0.2403.155 doesn’t provide any details, which is starting to become the norm, sadly. And Google was doing so well with this…
Parsing the change log reveals that the new version contains fixes for a few minor issues, including at least one related to stability.
The newest Firefox is version 40, and as usual there was no proper announcement. There’s a post on the Mozilla blog that gets into the details of version 40’s security improvements, but it never mentions the version. The release notes provide additional details. Here are some of the more notable changes:
Improvements to Windows 10 support, including workarounds for the way Microsoft messes up default browser settings
Add-on certification: non-certified add-ons will be disabled by default
Improvements to visual style: for example, the ‘close’ button on tabs is now larger
Expanded malware protection, which warns users about to visit sites that are flagged by Google’s Safe Browsing Service
Ah, Patch Tuesday. Of all the tasks we have to perform, there’s nothing quite like it: it’s both tedious and critically important. I’m starting to consider enabling automatic updates, but given Murphy’s Law, no doubt the moment I do that, Microsoft will issue a catastrophic update.
This month we have fourteen updates from Microsoft, affecting the usual culprits (Windows, Internet Explorer, Office, Silverlight, .NET), plus a few new ones: Lync and Edge, the new web browser in Windows 10. Four of the updates are flagged as critical. The updates address a total of 58 vulnerabilities. The update for Silverlight brings its version to 5.1.40728.0. Several of the updates apply to Windows 10. One of the updates addresses a nasty bug that could allow an attacker to execute malicious code from a USB thumb drive.
Adobe is once again tagging along this month, releasing a new version of Flash (18.0.0.232) that addresses a whopping thirty-four vulnerabilities. Needless to say, you should install the new version as soon as possible if you still use Flash in any web browser. Internet Explorer 10 and 11 in Windows 8.x will receive the Flash update via Windows Update, as will the new Edge browser in Windows 10. Chrome will update itself to use the new version.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13