Re 8/17 security fix

Part of the 8/17 security fix deals with replacing \CFIDE\wizards\common\_logintowizard.cfm which made me wonder what the purpose of that file is. If it isn't needed, then it would be easier and perhaps better to simply delete the file. I did some searching, but didn't find anything about the purpose of this file.
I wish the creators of security bulletins, hotfixes, patches, etc. etc. would at least address the underlying details like this. I deal with these things all the time, and almost never does whatever I am reading actually tell me *what* the things being fixed actually do!
Thanks in advance!
- Michael

I agree documentation on said things is sometimes floundering. I think more often than not it's left up to a developer to explain a bug fix which can lose something in translation ;-)
I would suggest applying your idea to a testing or staging environment and/or having a development resource review the file to see if any of the code may or may not be in use on an existing portion of your site.
At the very least, do apply the hotfix if you feel like it's any kind of potential issue (still suggesting testing first).
Byron Mann
byronosity@gmail .com
Lead Software Architect
hosting.com | hostmysite.com
http://www.hostmysite.com/?utm_source=bb

Similar Messages

  • HT6146 I have an iPhone 5 running IOS 6.1.4. I don't want to update to IOS 7 because I don't like it. Can I download 6.1.6 to my phone or am I now forced to move to IOS 7 to get this security fix?

    I have an iPhone 5 running IOS 6.1.4 and I don't want to update to IOS 7 because I don't like it. Can I download the security fix 6.1.6 or am I now going to have to go with 7.0.6 for this phone?

    This was my question exactly. Thanks for getting to the answer even though it's not what I wanted to hear. When I tried calling Apple earlier today to get an answer, I was unceremoniously disconnected twice while on hold for several minutes.

  • Is there a workaround for connecting with https. the ssl/tls security fix is preventing us from connecting to a known trusted site

    I made the mistake of updating Firefox yesterday and with the SSL security fix find that I can no longer connect to a web site at a remote data center that is protected by a Fortigate appliance.
    I know the correct answer is to get the appliance upgraded or replaced but in the meantime I am in desperate need of a workaround. It would be nice if there was an archive of old Firefox versions.
    I have changed the config settings to allow renegotiation but I think the problem is more fundamental than that in that it doesn't appear that older versions of SSL are provided anymore.

    You're welcome
    It is better to use a .cmd or .bat file to set that environment variable and subsequently start Firefox and not set that variable in the system settings as it will there also affect other Gecko (XUL Runner) based software.
    Then you can use a shortcut with that cmd file in case you really need it to access that site and run Firefox normally in other cases to be protected.

        set NSS_SSL_CBC_RANDOM_IV=0
        start "" "C:\Program Files\Mozilla Firefox\firefox.exe"

  • What versions of Flash Player Still Receive Security Fixes?

    Greetings,
    I'm seeking a page that lists the supported vs. unsupported versions of Flash Player. That is, what versions are still eligible to receive security fixes (regardless of OS).
    Thanks!
    Edit update:
    To be more clear and reword things: I'd like to find the announcement pages for each unsupported version of Flash Player, that is, links to official Adobe content showing when certain versions entered an unsupported state.
    Thanks again!

    As far as I know, we don't have an official page that lists when a version stops receiving security fixes.  I suspect we'll do a blog post when this occurs and I'll also update in our announcement forum which you can find here:
    Is there a way to be automatically notified when a new Flash Runtime release is made?
    The announcement forum also lets you know when security updates are made, and where to find both the 11.x and 10.3 updates.

  • Will there be a security fix for my Mac ?

    Will there be a security fix for my iMac ?

    http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-and-ios-706-patch/index.html
    Recommendations
    Update your Apple devices and systems as soon as possible to the latest available versions. Do not use untrusted networks (especially WiFi) while traveling, until you can update the devices from a trusted network. On unpatched mobile and laptop devices, set “Ask to Join Networks” setting to OFF, which will prevent them from showing prompts to connect to untrusted networks.

  • Update on Android Attack - Fake Android security fix is really another trojan

    Source from Android Central at http://www.androidcentral.com/fake-android-security-fix-really-another-trojan
    By now most everyone knows that Google has addressed the Droid Dream malware mess in the Android Market, used the kill switch and issued a fix, and is in process of rolling out said fix to all affected users.  But since Android users in general are an impatient lot, some folks have been on the lookout for the files to manually install the fix instead of waiting.
    Don't do it.
    The folks at F-Secure have found that at least one of the so-called security patch files floating around is really just another trojan.  This is social engineering at its finest -- use the promise of security to really make things worse.  You can read the gory details of the BgServ.A trojan found in the fake patch at the source link, but the important thing is that you need to wait for Google to push you the fix if you downloaded one of the infected files.  Like every other patch for the OS, whether it's an updated version of Android or something less glamorous like a security fix, only install files from Google's servers.
    If you were affected by the malware, you should have received an email from big G, or will soon.  We have the full text of that message after the break, be sure to check that the sender is really Google, and sit tight.  They will get you all patched up. [F-Secure] Thanks Mike and Steven!
    You are receiving this message to inform you of a critical issue affecting
    your Android Market account.
    Hello,
    We recently discovered applications on Android Market that were designed to
    harm devices. These malicious applications ("malware") have been removed from
    Android Market, and the corresponding developer accounts have been closed.
    According to our records, you have downloaded one or more of these
    applications. This malware was designed to allow an unauthorized third-party
    to access your device without your knowledge. As far as we can determine, the
    only information obtained was device-specific (IMEI/IMSI, unique codes which
    are used to identify mobile devices, and the version of Android running on
    your device).
    However, this malware could leave your device and personal information at
    risk, so we are pushing an Android Market security update to your device to
    remove this malware. You will soon be receiving a notification on your device
    that says "Android Market Security Tool March 2011" has been installed. You
    are not required to take any action from there, the update will automatically
    run. You may also receive notification(s) on your device that an application
    has been removed. Within 24 hours of receiving the update, you will receive a
    second email confirming its success.
    To ensure this update is run quickly, please make sure that your device is
    turned on and has a strong network connection.
    For more details, please visit the Android Market Help Center at
    http://market.android.com/support/bin/answer.py?answer=1207928
    Regards,
    The Android Market Team
    ©2011 Google, Inc.
    1600 Amphitheatre Parkway
    Mountain View, CA  94043
    Email preferences:  You are receiving this email to notify you of a critical
    issue affecting your Android Market account.

    I agree this is overblown. By the time it hits the mainstream media, you'll notice it always takes on an alarmist tone. The issue has already been posted on this forum:
    Here
    http://community.vzw.com/t5/Android-Discussions/Android-Exploit-Credential-Theft/m-p/531658 
    And here:
    http://community.vzw.com/t5/DROID-by-Motorola/Android-2-3-4-to-Plug-Massive-Security-Hole-for-your-Droid/m-p/532590

  • Security fix for Acrobat & Reader 8.1.2

    I just installed the security fix for Acrobat & Reader 8.1.2 from this link:
    http://www.adobe.com/support/security/bulletins/apsb08-15.html
    After the update there is nothing to indicate that it is actually installed.
    Going to Help About both Acrobat & Reader still shows Version 8.1.2 as before.
    Is there a way to tell if the patch is installed?

    My problem is same as Post #2
    I have downloaded the security update and still see AcroRd32.exe as File version 8.1.0.137. I've done this on more than one machine running XP/SP2 with every Windows update applied except SP3. I have deleted Acrobat Reader via Control Panel and then for good measure deleted the sub-directory C:\Program Files\Adobe\Reader 8.0\Reader manually.
    I downloaded again, ran updates until I got "There are no updates available at this time."
    I ran the security update as stated in the posts above(Post #16). This was verified via
    Computer Management > System Tools > Event Viewer
    Product: Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) -- Installation operation completed successfully.
    There are 2 files in C:\Program File\Adobe\Security Update
    HotFix64.exe and RdrSU.mst
    I just don't see where AcroRd32.exe version 8.1.2.215 or whatever is supposed to come from?
    I'm running this as Administrator and on 3 different machines each with the same result.

  • Is there a security fix coming as there was for iPad and iPhone ?

    is there a security fix coming as there was for iPad and iPhone ?

    mykee59,
    security updates were also made available for Mountain Lion and Lion. Snow Leopard is apparently no longer supported.

  • HT5228 What about a security fix for Java under Mac OS 10.4 and 10.5?

    Apple recognized and offered a fix for the Flashback trojan here:
    http://support.apple.com/kb/HT5228?viewlocale=en_US&locale=en_US
    But it is only for OS 10.7 and 10.6.  Presumably, users of 10.5 and 10.4 are still vulnerable.  Because Apple insisted on providing Java support, rather than Oracle, the fix that was released in February doesn't work unless Apple were to make it work.
    If Apple is unwilling to support Java for 10.5 and 10.4, they need to hand over whatever documentation Oracle would need so they can keep the Java environment (and security) up to date.  10.5 and 10.4 are still viable OSes and to not patch obvious security flaws in one way or another is irresponsible, at best.

    http://www.apple.com/feedback/ - Apple products feedback links
    I wouldn't expect anything to come of it.
    I have disabled Java on my browsers.  It isn't really needed all that often.

  • Critical Acrobat 9.1 Security Fix & Upgrade

    There have been stories in the past few weeks about a critical JavaScript Buffer Overrun Attack in Acrobat and Adobe Reader. Adobe has now posted a critical security patch for current versions of Acrobat 9 and Adobe Reader 9.
    http://www.adobe.com/support/security/bulletins/apsb09-03.html
    The security bulletin reports:
    Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe is planning to make available updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18.
    It's highly recommended that you update all your copies of these applications. There are also other bug fixes in the 9.1 upgrade. Here are the release notes:
    http://kb.adobe.com/selfservice/viewContent.do?externalId=kb408814&sliceId=2

    I had something occur that wasn't in the instructions. It's probably no big deal, but thought I'd mention it here:
    After downloading the patch, I launched the .dmg file and was asked the following:
    Please choose the copy of Adobe Acrobat Pro to update.
    Below in the finder window it showed Adobe Acrobat Pro.app, Acrobat Uninstaller.app, and Acrobat Distiller.app.
    Now, I chose the first one; that makes sense to me. But now I do have a nagging question in my mind as to whether I also need to apply the patch to the other two apps. Does anyone know? I'm assuming "no," but you know what they say about assuming! :-)
    Thanks!
    Keith

  • Installation of Network Time Protocol Security Fix

    Hi....
    Per App Store, I installed the fix with no issues clicking "install now."  But, Mom's Mac did the automatic install. She saw the message window saying a security update was installed.  But, in the Application Store Upgrade section, this security upgrade is not listed.  Previous software updates are listed. For "fun of it" I downloaded the pkg with the update and "re-installed" it on my Mac.  It installed.
    Questions:
    1. Did I mess up my Mac by doing the install twice?
    2. If not, can I do the same on Mom's Mac to be sure the update is installed?
    3. Why wouldn't the automatic install (on Mom's machine) not show up on the list of updates?  Is this the usual state for automatic updates?
    4. What could I look at to see if the update was installed besides the update list where it doesn't show up?
    Thanks!

    John, many thanks!  Took me a bit to find the install.log, but yes, the entry was there.  For my "self install" on the package, log said, "Installed "NTPUpdateYosemite-2"
    BTW: I checked the fingerprint of the package I downloaded, and it did not match the fingerprint in this Apple article at How to verify the authenticity of manually downloaded Apple Software Updates - Apple Support     But, the fingerprint of the package I downloaded did match the fingerprint of the package for the "Digital Camera RAW Compatibility 6.02" package that came out Dec 15th.  So, I think that the package I used was legit.  Make sense?
    ALSO...I did find this info on Apple website posted today.  About OS X NTP Security Update - Apple Support   It has terminal command for seeing if your NTP is updated.  [Just saw you edited your reply to include this]
    And, finally....Thanks so much for helping a relative newbie to software "stuff"

  • Is AskMate LLC a legitimate Mac security fixing company?

    As I was using my Safari to browse, I got a window which said something to the effect that my security had been breached. For help, call (877)899-1824. They sent me a 6-digit code and were able to get into my whole computer. Name: Ask Mate LLC. They seemed to fix everything, but then, did they have a part in creating it? Who are they? Everyone sounded east Indian. They are located, supposedly, in Delaware. They wanted payment by check!
    Are they legit????

    See A Browser Pop-up has Taken Over Safari. You might also consider installing ScamZapper, a Safari extension which prevents this specific kind of pop-up from displaying.
    (Note that I am affiliated with that site, and some pages contain ads).

  • Is there a security fix for Java 6 Update 34 for OS X 10.5.8?

    Firefox is warning me my Java plug in is still a security risk, despite having the latest update for my system. Apple do not seem to have fixed Java 6 Update 34 for 10.5.8 users, only Java 6 Update 35, which is only for OS X 10.7 and higher.
    Any help or advice would be much appreciated, as I need Java for online tax returns!
    Thanks, in advance?

    P.S. Why are Apple ignoring their 10.5.8 customers? Not all of us can afford to replace our Macs with the latest models. Some of Apple's recent sharp practices regarding customer service and loyalty, are reminiscent of Microsoft's when it had an almost total monopoly on the PC software market.

  • I do not want to update my iPhone 4 to IOS 7: how to obtain security fix for SSL?

    I have the iPhone 4 and I specifically made the decision not to upgrade to IOS 7 due to the many reports the iPhone 4 hardware is not powerful enough to run IOS 7 correctly.  This was fine for me until the SSL security hole was revealed.
    The phone is less than two years old and it's unbelievable that the only choices available are to cripple the phone with IOS 7, continue using it with a well known and easily exploitable security hole or trash the phone.
    Is the IOS 6.1.6 bug fix available for the iPhone 4?
    What can I do?
    Thanks.

    puddlehopper wrote:
    Is the IOS 6.1.6 bug fix available for the iPhone 4?
    No, it is not.
    The iPhone 4 runs iOS 7 just fine.  Mine's been running fine for about nine months now, with no issues.
    You have the choices, as you've detailed them.  But before you trash the phone, you might as well update the iOS, and try it out for yourself.

  • O.T. Irfanview Security Fix

    To fix an apparent security flaw, a new version of Irfanview is available - 4.10
    http://www.irfanview.com/main_download_engl.htm

    Malcolm,
    I've had the Windows version of XnView for a while, although I don't use it
    much. It seems to be a pretty potent utility and if it is available for
    Mac, it will certainly come in handy there.
    Juergen
