Hello everyone,
It’s just not enough to keep your Operating System patched. Many malicious exploits are finding entrance into your machine through third party programs. Below are the February 2015 third party patches. I recommend removing local admin rights on your computer (#4 here) to lower the risk of being bit by software like Adobe, Chrome, and Firefox. Get updated/patched as soon as possible!
Key: 1)Identifier 2)Vendor/Product Version Affected 3)Date Released by Vendor 4)Vulnerability Info. 5)Vendor Severity/Recommendation
APSB15-04
Adobe Flash Win/MAC before 16.0.0.305, Linux before 11.2.202.442
2/19/2015
Arbitrary Code Execution Critical: Priority 1
Upgrade within 72 hours
40.0.2214.115
Google Chrome Win/Mac/Linux before 40.0.2214.115
2/19/2015
Privilege Escalation, Denial of Service, Security Bypass,
Update after testing
35
Mozilla Firefox Before 34
2/5/2015
Arbitrary Code Execution,
Denial of Service
Update after testing
Best wishes,
Randy The Tech Professor
4:18 am on March 2nd, 2015 1
Actually, version 36.0 is the latest and major upgrade for Firefox.
Adobe also updated Shockwave Player to 12.1.7.157 on February 28:
http://www.adobe.com/shockwave/welcome/
http://get.adobe.com/shockwave/
VLC Media Player has a MAJOR update from 2.1.x (Rincewind) to 2.2.0 (Weatherwax). This highly-regarded and trustworthy freeware can play a large majority of media out there.
This helps with security because VLC’s many codecs are INTERNAL to the program, obviating the need to constantly download codecs to cope with a variety of media (e.g. you need to download and install a DivX codec / plugin to allow WMP, Windows Media Player, to play DivX movies). Searching for codecs can lead to dubious sites or codecs. Even with non-malware codecs, having competing codecs (e.g. from downloading and using codec “packs”) can lead to incompatibility or instability.
http://www.videolan.org/
http://www.videolan.org/vlc/releases/2.2.0.html
http://www.videolan.org/news.html
5:17 am on March 6th, 2015 2
Two more updates
Java JRE 8u40 is the latest.
Yep, it seems like Oracle changed the installer, so it does NOT remove previous versions. Unless you know you need a specific previous version, remove all of them (e.g. Windows Control Panel | Programs and Features, then uninstall previous versions). Or at least use the Java Control Panel to disable previous versions (Java tab, to “View and manage Java Runtime versions and settings for Java applications and applets.)
http://java.com/en/download/installed8.jsp
http://www.oracle.com/technetwork/java/javase/8u40-relnotes-2389089.html
The Chrome browser has a MAJOR upgrade from 40 to 41, currently 41.0.2272.76 on March 3, with 51 security fixes and lots of changes.
http://googlechromereleases.blogspot.com/
I think this update introduces one new bug; relaunching after update caused my main/regular Chrome window to lose half its tabs (out of 10 tabs) – never had this happen before. To be safe, you may want to bookmark your tabs before relaunching (or look at your history to recover visited sites). Further restarts didn’t lose any more tabs, so the bug may be in the relaunch function.
BTW, after years of bitching by users, Chrome finally offers “normal” standalone/offline installers. Yes, Google did have crippled ones in the past, but strongly discouraged their use – and “dead-ended” those installations by TAKING AWAY THEIR ABILITY TO UPDATE! Not anymore:
Alternate (offline) Google Chrome installer (Windows)
http://support.google.com/installer/answer/126299?hl=en
5:49 am on March 17th, 2015 3
Adobe updated Flash Player to version 17.0.0.134 for most browsers on March 12:
http://www.adobe.com/software/flash/about/
https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
The latest Chrome update to 41.0.2272.89 on March 10 incorporates this flash version in its internal “Pepper” Flash Player.
And Firefox has a minor update to 36.0.1, on top of the 36.0 major upgrade.
5:01 pm on March 17th, 2015 4
Thanks for the update WL!