Updates 2020-04-08

Doesn’t it still feel like April Fools’ Day, Folks?

It’s not Patch Tuesday, but updates from Apple, Google, Mozilla, Zoom, and others have triggered an out-of-cycle update.

This Month/Week in Technology

What do you do when you’re locked in a box? You look for ways to get out, even if it’s only virtually. Zoom has become the de facto video-chat client over the last couple months, and its sudden rise to success has brought some peril as well. Several security vulnerabilities, massive privacy issues, and more.

While these are serious issues, it’s not just Zoom that’s having problems keeping their systems secure.

Apple’s macOS and iOS are both vulnerable to rather simple security bypasses with misspellings dyslexics wouldn’t fall for, and their default-allow behavior for all Apple-provided apps means that a malicious website could enable the camera or microphone on any Safari users device, which accounts for about half of all mobile devices and the vast majority of browsing from macOS.

HP Support Assistant, like Dell SupportAssist, is vulnerable to several remote-code execution attacks.

Windows is currently suffering from a font-parsing bug that enables a malicious font to hijack your computer. Since any website can push its own fonts, this is a big deal.

Tests by Cisco’s Talos with fingerprint authentication demonstrate that fingerprint sensors can be quickly bypassed about 80% of the time with the right planning and hardware.

Even video games are being used to mine cryptocurrency on your hardware.

Slow adoption to fix weaknesses in the design of BGP means anyone can still hijack access to very popular sites with almost no effort.

Like improperly secured AWS ElasticSearch databases, Docker clusters are now suffering from passwordless entry to control instances.

There’s no such thing as perfect security. In everything, you will always depend on things you can not control.

So if someone contacts you about a security issue, you should take them seriously.

And you’d be a fool to make claims that your security is unbreakable. Especially while screwdrivers exist.

Still trust government? Secret courts, investigators not even following the minimal requirements of their position. What could go wrong? The FBI broke FISA rules in every single case the Inspector General studied.

The quarantine has forced even NASA to be closed off from the rest of the world. In doing so NASA reports that they’re seeing an “exponential” jump in malware attacks. Either the staff at NASA isn’t as technically competent as one would expect, or that their CIO just can’t math.

Now for the good news:

A huge unusual hole has opened over the Arctic! This may not sound like good news, but hopefully they’ll perform some research to identify the cause is the recent release of 5G and nip it in the bud, and in so doing finally put an end to this plandemic as well.

Let’s Get Busy

iOS 13.4.1 is a security update. Use Settings, General, Software Update to install the most current version.

Google Chrome OS 80.0.3987.162 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget, next week is the real Patch Tuesday, so expect security updates from Microsoft, Apple, Oracle, and much much more in less than a week.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Browser Updates

One or more of these are likely to be of interest to everyone.

Brave 1.5.123 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/

Google Chrome 81.0.4044.92 is a security update. Use Menu, Help, About to install the most current version.

Firefox 75.0 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 68.7.0 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.11.1811.52 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Internet Updates

One or more of these are likely to be of interest to everyone.

Zoom 4.6.20033.0407 is a security update.
https://zoom.us/

Npcap 0.9990 resolves several bugs. This is not a security update.
https://nmap.org/npcap/

Media Updates

These are unlikely to be of interest to most people.

Flickr Downloadr 3.3.1.1 resolves several bugs and update packaging process. This is not a security update.
https://flickrdownloadr.com/downloads/

Security Software Updates

One or more of these is likely to be of interest to most people.

uBlock Origin 1.26.0 resolves several bugs, improved DNS controls and defusers, and adds remove-class scriptlet. This is not a security update.

Capture Updates

These are unlikely to be of interest to most people.

ScreenToGif 2.23 resolves several bugs. This is not a security update.
https://github.com/NickeManarin/ScreenToGif/releases/latest

Converter Updates

These are unlikely to be of interest to most people.

MKVToolnix 45.0.0 resolves several bugs, improves multiplexer and error handling. This is not a security update.
https://www.fosshub.com/MKVToolNix.html

Utility Updates

These are unlikely to be of interest to most people.

1Password for Windows 7.4.763 improves install/uninstall, and resolves several bugs, including a master password storage bug. This is not a security update.
https://1password.com/downloads/windows/

BulkFileChanger 1.71 resolves a type detection bug. This is not a security update.
https://www.nirsoft.net/utils/bulk_file_changer.html

NTLite 1.9.0.7407 adds new settings controls, improves compatibility, and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

Homedale 1.87 improves channel detection. This is not a security update.
https://www.the-sz.com/products/homedale/

Easy2Boot 2.01 adds isowin support, and now uses the more accurate *bibyte (MiB, GiB) syntax for partition sizes. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

MPI Tool Kit 0.098 updates SWITCH_E2B and grub4dos. This is not a security update.
https://www.fosshub.com/Easy2Boot.html

Web Package Updates

These are likely to be of interest only to web developers.

Drupal 8.7.13 resolves several bugs that prevented successful updates from 8.6 and earlier. This is not a security update.
https://drupal.org/download

NextScripts Social Networks Auto-Poster 4.3.14 adds WordPress 5.4 support and improves compatibility with LinkedIn and Mailchimp. This is not a security update.

W3 Total Cache 0.13.2 resolves two minor bugs. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Leave a Reply

Your email address will not be published. Required fields are marked *