Tag

Vulnerability

Browsing

Microsoft has released 13 security patches for this month’s Patch Tuesday, fixing vulnerabilities in Windows, Office, and Internet Explorer. Out of the 13 security patches, 5 are rated as critical and should be installed by every Windows users. These critical patches are essential fixes for vulnerabilities discovered in Windows.

Apple has released iOS 9.2.1 three days back. iOS 9.2.1 is a minor update for iOS 9.2 as clear from its version number. It does not included any major feature changes or enhancements. The official release notes only reference bug fixes, security improvements, and an MDM server issue fix. Normally, most iOS users skip small minor updates but we will highly recommend not to skip iOS 9.2.1. We highly recommend all iOS device (iPhone, iPad or iPod touch) owners running iOS 9 to update to iOS 9.2.1 asap.

Google today released Chrome 48 for Windows, Mac, and Linux. Chrome 48 adds custom notification buttons and removes support for unsecure RC4 encryption. If you have Google Chrome installed, your browser should have silently updated already. You can confirm it by looking at the version number displayed in the About window. You can also manually check for update using the same. Chrome’s built-in updater will start updating your browser if it has not done it yet. You can also download Chrome directly from google.com/chrome.

Adobe has released Adobe Flash Player update v. 20.0.0.267 to fix at least 19 security flaws in the program, including one 0-Day bug that is already being actively exploited in attacks. The new Flash Player update is available for Windows, Mac OS X and Linux users.

The new Adobe Flash update v. 20.0.0.267 includes a fix for a 0-Day vulnerability (CVE-2015-8651), which according to Adobe is being actively used in “limited, targeted attacks.”

Apple releases Mac OS X 10.11.1 El Capitan update soon after announcing the release of the iOS 9.1 software update. OS X 10.11.1 is the first point release of the OS X 10.11 El Capitan operating system.

Apple OS X 10.11 El Capitan computer operating system for Mac was released worldwide on September 30, 2015. During that same time, Apple was already developing OS X 10.11 update. Apple released four beta releases for both Public Beta testers and Apple Developers enrolled in the Apple Beta Software Program could test before releasing the final build on October 21, 2015.

Apple released iOS 8.1.1 for all supported iPhone, iPad, and iPod touch devices. iOS 8.1.1 (build 12B435, build 12B436) includes many bug fixes and general performance enhancements to improve the overall stability of iOS 8.

As said earlier, iOS 8.1.1 update is mostly about bug fixes and stability enhancements. It includes performance enhancements for old iOS devices (iPad 2 and iPhone 4s). If your iOS device is running iOS, you can download iOS 8.1.1 either via OTA (Over The Air) or using iTunes. If you are an advance user, you can use the IPSW file (links at the end of this post) to update to the latest iOS version.

Microsoft’s Patch Tuesday is here for this month. In this month Microsoft is fixing 66 vulnerabilities. These vulnerabilities affects Windows, Office, and Internet Explorer.

This month, vulnerabilities in Internet Explorer is making the headlines. Microsoft Patch Tuesday fixes 59 security issues in Internet Explorer using a single Cumulative Update out of the total 66 security issues it is fixing this month. 

VeraCrypt is an on-the-fly encryption utility, a fork of TrueCrypt. A software fork means that the software is using the source code of the original but it’s not a clone.

Before we talk more about VeraCrypt, here’s what happened to the original TrueCrypt software. TrueCrypt (discontinued now by its original developers) was the most popular encryption software. The sudden abandon of the open source project left many speculations and even led to many conspiracy theories. Official TrueCrypt website started redirecting to SourceForge page. Official announcement stated that TrueCrypt is “not secure” and may have “security issues.” The developers even asked users to use Microsoft Windows BitLocker to encrypt data. The internet was abuzz about the sudden death of the popular project. Many infosec people started suggesting TrueCrypt alternatives. Since VeraCrypt is a fork of TrueCrypt, users may consider it as a good alternative of TrueCrypt.

Apple released iTunes 11.2 and OS X Mavericks 10.9.3 update recently. After installing the updates, OS X Mavericks users found that the /Users folder appeared missing. Although there’s a way to manually restore the folder but it involved running a single command on the Terminal (more about it later). Apple quickly released iTunes 11.2.1 update for OS X users to fix the /Users and /Users/Shared folders missing bug. The bug can allow a local user compromise other local user accounts. The issue mainly occurred when Find My Mac is enabled in iCloud system. The latest iTunes update is available only for Mac OS X 10.6.8 or later users. The latest version of iTunes for Windows still remains at iTunes 11.2 as Windows users are unaffected by the bug.