Welcome back, Folks!
Today is Patch Tuesday for December, 2020. It’s a big one and huge updates are available for over a hundred applications. A new OpenSSL released today means that there will be even more updates released in the near future, so this is only the first of at least two update series to top off December.
This Month in Technology
Apple (and others) are trying to make slavery legal. Apple’s cloud services choked this month as a result of their new on-demand certification and telemetry collection nightmare. Big Sur even bricks some MacBook Pro models, but they’re admitting that they intentionally throttled their older hardware, and Apple had a major security issue that allowed total control of their iPhones over Wi-Fi. While Apple has fixed that bug, their hardware is vulnerable to new forensic tools used by foreign (and likely US) governments to clone all the data from your device. This is “Epic.” Apple is cutting their App Store fees to 15% for small developers.
K12 Inc, Foxconn electronics, the City of Long Beach, TransLink (Vancouver public transit), Embraer, Kopter, Shirbit, Randstad NV, Advantech, Bowie and Miller Counties (TX), and Baltimore County Public Schools have all been hit with ransomware. If you leave your backup drives connected (tethered or networked) then there’s growing evidence that the backups will be targeted by ransomware before your active data. And some ransomware gangs are cold-calling if you try to restore from backups.
Millions of IoT devices are vulnerable to a newly discovered vulnerability. Thousands of PickPoint lockers, LSU Health New Orleans, AspenPointe, and PlutoTV have been hacked. Dell was hacked years ago, which resulted in their data being abused for scam calls to Dell customers. A class action is happening now.
Walmart routers and many TCL TVs have backdoors, Gionee implanted malware in 21 million phones, and battery backups are used to infect mobile devices. Google Services are still being used to distribute malware, and Google ads are being used to steal MetaMask. A year after the US Army’s Stryker armored vehicles were hacked, the Army is finally building security defenses, and in other US military news, the military violates your privacy through third-party apps.
Social media icons are being used to inject web skimmers that are now using WebSockets to exfiltrate data using secure CloudFlare services.
If you trust your choice of password simply because a poorly designed study says that it would take thousands or millions of years to brute force a password, then you should take a look at how a single quantum computer processed the equivalent of 2.6 billion (with a “b”) years of computation in only 4 minutes, but using the latest quantum hardware isn’t even necessary for the vast majority of passwords since humans are so predictable.
In a random collection of news: MBAM is disabling Windows Printers. HMRC (the UK’s equivalent of the IRS) has been abused to send phishing and malware messages (I warned them about this months ago). There is no end to PayPal’s hypocrisy, nor their censorship. GitHub reversed its decision about YouTube-dl. Twitch has failed basic English. Comcast is capping data in 12-ish more states next year, but giving service away for free to many others. The running joke about how social censorship would be similar to your phone company preventing you from talking about certain subjects has proven to be more prescient than humorous. Cannibalism is coming to a grocery store near you. A few years ago I found that a number of IT and HVAC services in the SF bay area had their Google listings hijacked and reassigned as Korean Restaurants. It was only the beginning.
The “science” behind masks has never been scientific, but that won’t stop petty tyrants from mandating their use even while actively eating or drinking, or censoring dissenting voices. False positive tests are still leading the charge, but lockdown-related homicides are still exceeding “COVID” deaths. Censors will always target studies that demonstrate overreaching government intervention.
California is pushing out the Orwellian exposure tracking and notifications across the state.
Now for the good news:
When this election is finally resolved it’s unlikely to get to this point again any time in the near future.
As a perfect example of what 2020 has brought us – the South African lottery drew 5, 6, 7, 8, 9 and 10, which is insane enough, but the real story is that 20 people had actually selected those numbers.
Let’s Get Busy
Now back to our regularly scheduled program.
Patch Tuesday this month is huge. The typical computer should see roughly 2.5 GB in updates today. Let’s get started.
Microsoft released updates for Windows, Edge, and Servicing Stack (~ 1.5 GB). This includes security updates. A reboot is required.
Apple released updates for iCloud for Windows 11.5, and iOS 14.2.1. Expect an update to iTunes, too, in the next few days. These are security updates.
iOS 14.2.1 is a security update. Use Settings, General, Software Update to install the most current version.
Adobe Flash Player 32.0.0.465 is a security update. Since Flash is going the way of the dodo along with the Year from Hell, this could very well be the last time you may have to install a Flash update. You’re still better off removing it yourself instead of updating. 🙂
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac
Google Chrome OS 87.0.4280.88 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.
Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, Kindle or television – so check your device-appropriate App Store and install updates.
Important Notes
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
The release of macOS Big Sur (11.0) means that macOS High Sierra (10.13) and older are no longer supported. If you cannot install at least macOS Mojave (10.14) on your Mac then you should immediately remove it from the Internet and use it offline only. It will no longer receive patches or updates and can now no longer be secured.
The now-current release of Windows 10 (v2009) is huge (about 18% larger than v2004, which was 25% larger than any prior build), so it will take a long time to download on slower connections. Windows 10 pushes you to get the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, this process will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you, please contact me for information.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.
Also note that using the application’s own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com
Driver Updates
If you’re using this hardware – these updates are for you.
BullZip PDF Printer 12.0.0.2872 adds several new features, including improved email support, compatibility, and concurrent printing. This is not a security update.
https://www.bullzip.com/products/pdf/info.php#download
Crucial Storage Executive 6.09 doesn’t provide a changelog so should be treated as a security update.
https://www.crucial.com/support/storage-executive
Logitech Options 8.36.86 allows changing function keys, customizing mouse buttons, and adds on-screen battery notifications. This is not a security update.
https://www.logitech.com/en-us/product/options
Logitech Options for macOS 8.36.76 adds Big Sur support, allows changing function keys, customizing mouse buttons, gesture controls, and adds on-screen battery notifications. This is not a security update.
https://www.logitech.com/en-us/product/options
nVidia 457.51 adds support for new hardware, updates SLI profiles, and resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us
Browser Updates
One or more of these are likely to be of interest to everyone.
Brave 1.17.75 is a security update. Use Menu, Help, About to install the most current version.
https://brave.com/
Google Chrome 87.0.4280.88 is a security update. Use Menu, Help, About to install the most current version.
https://www.google.com/chrome/
Microsoft Edge 87.0.664.57 is a security update. Use Menu, Help, About to install the most current version.
https://www.microsoft.com/en-us/edge/business/download
Firefox 83.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/new/
Firefox ESR 78.5.0 is a security update. Use Menu, Help, About to install the most current version.
https://www.mozilla.org/en-US/firefox/organizations/all/
SeaMonkey 2.53.5.1 is a security update. Use Menu, Help, About to install the most current version.
https://www.seamonkey-project.org/
Vivaldi 3.5.2115.73 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/
Email Updates
One or more of these are likely to be of interest to everyone.
Thunderbird 78.5.1 is a security update.
https://www.thunderbird.net/en-US/
Internet Updates
One or more of these are likely to be of interest to everyone.
Dropbox 111.4.472 doesn’t provide a changelog so should be treated as a security update. This version is not reliable on Windows 8.
https://www.dropbox.com/
FreeFileSync 11.4 resolves several bugs, and improves compatibility. This is not a security update.
https://www.freefilesync.org/download.php
iCloud for Windows 11.5 is a security update.
https://apple.com/icloud
Technitium DNS Server 5.5 adds support for SRV records and resolves several bugs. This is not a security update.
https://technitium.com/dns/
WinSCP 5.17.9 resolves several bugs. This is not a security update.
https://winscp.net/eng/index.php
Zoom 5.4.59296.1207 adds meeting reminders, warnings for meetings that are only partially encrypted, and resolves several bugs. This is a security update.
https://zoom.us/
Media Updates
These are unlikely to be of interest to most people.
3tene 2.0.8 updates libraries, improves sync and face tracking, adds ability to call shortcuts, and resolves several bugs. This is not a security update.
https://en.3tene.com/
iTunes 12.11 doesn’t provide a changelog so should be treated as a security update.
https://www.apple.com/itunes/download/
Picard 2.5.2 resolves several bugs. This is not a security update.
https://picard.musicbrainz.org/
Game Updates
These are unlikely to be of interest to most people.
Steam 2020.12.07 is a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0
PlayStation PS4 8.01 improves reliability. This is not a security update. Note that Sony changed the URLs without adding redirects, so the location to download updates has changed:
https://www.playstation.com/en-us/support/hardware/ps4/system-software/
Office Updates
One or more of these are likely to be of interest to most people.
Blender 2.91.0 adds several new features and controls. This is not a security update.
https://www.blender.org/download/
Adobe Acrobat (version yet to be announced) is a security update. Use Help, Check for updates to get the most current version…when it’s released.
Adobe Reader (version yet to be announced) is a security update. Use Help, Check for updates to get the most current version…when it’s released.
Adobe Lightroom 10.1 is a security update.
https://creativecloud.adobe.com/apps/all/desktop
Adobe Experience Manager 6.5.7.0 and 6.4.8.3 are security updates.
https://helpx.adobe.com/security/products/experience-manager/apsb20-72.html
Adobe Prelude 9.0.2 is a security update.
https://creativecloud.adobe.com/apps/all/desktop
Security Software Updates
One or more of these is likely to be of interest to most people.
Gpg4win 3.1.14 updates libraries and resolves several bugs. This is not a security update.
https://www.gpg4win.org/download.html
Nmap 7.90 adds 1,200 new fingerprints, resolves over 70 bugs, and provides several new features. It also removes silent install. 🙁 This is a security update.
https://nmap.org/download.html
Npcap 1.00 is the first stable release of Npcap. This is not a security update.
https://nmap.org/npcap/
RogueKiller 14.8.0 resolves several bugs. This is a security update.
https://www.adlice.com/download/roguekiller/
uBlock Origin 1.31.2 resolves reliability issues in Chromium. This is not a security update.
https://github.com/gorhill/uBlock/releases/latest
Tails 4.13 is a security update.
https://tails.boum.org/install/dvd-download/index.en.html
OpenSSL 1.1.1i is a security update. Releases of OpenSSL always trigger updates for every other platform that uses networking in any way, so expect a series of updates for every other web platform you use in the near future.
https://www.openssl.org/
Capture Updates
These are unlikely to be of interest to most people.
SnagIt 2021.0.2 resolves several bugs. This is not a security update.
https://download.techsmith.com/snagit/enu/snagit.exe
Converter Updates
These are unlikely to be of interest to most people.
DVDFab 12.0.0.9 adds support for new encodings, resolves several bugs, and improves stability. This is not a security update.
https://www.dvdfab.cn/download.htm
Utility Updates
These are unlikely to be of interest to most people.
1Password for Mac 7.7 adds Privacy integration, unlock with Apple Watch, MDM integration, improved password generator, and resolves over 100 bugs. This is a security update.
https://1password.com/downloads/mac/
Agent Ransack 2019.2951 improves performance at idle and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/agentransack/download/
Bitwarden 1.23.1 resolves bugs with SSO and improves GDPR compliance. This should be treated as a security update.
https://bitwarden.com/
DesktopOK 8.08 resolves several bugs and updates language support. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK
Etcher 1.5.112 updates libraries, and resolves several bugs. This is not a security update.
https://www.balena.io/etcher/
Everything 1.4.1.1000 resolves a bug with silent installation, wide-character comparison, name munging and other bugs. This is not a security update.
https://www.voidtools.com/
FileLocator Pro 8.5.2951 improves performance when idle and resolves several bugs. This is not a security update.
https://www.mythicsoft.com/filelocatorpro/download
GoodSync 11.4.9 resolves dozens of bugs. This is not a security update.
https://12pd.com/click?goodsync
Homedale 1.90 adds support to load access points from CSV and improves frequency usage chart. This is not a security update.
https://www.the-sz.com/products/homedale/
HWMonitor 1.43 adds support for new hardware. This is not a security update.
https://www.cpuid.com/softwares/hwmonitor.html
MS ISO Downloader 8.44 adds support for new media (including Win10 20H2v2) and resolves several bugs. This is not a security update.
https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool
NTLite 2.0.0.7726 resolves several bugs. This is not a security update.
https://www.ntlite.com/download/
Aomei Partition Assistant 9.0 adds shred files support. This is not a security update.
https://www.diskpart.com/
PointerStick 4.88 updates language support. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick
Rufus 3.13 adds support for 20H2v2, adds support to cheat certain disk images, improves error handling, and resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html
Sysmon 12.03 fixes reporting and a possible crash condition for certain rules. This should be treated as a security update.
https://live.sysinternals.com/
SDelete 2.04 provides a new switch to avoid file/directory ambiguity. This should be treated as a security update.
https://live.sysinternals.com/
WinObj 2.23 resolves several bugs. This is not a security update.
https://live.sysinternals.com/
TaskSchedulerView 1.60 adds support for exporting tasks to JSON, and updates HTML export to HTML5. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html
TeamViewer 15.12.4 resolves several bugs, improves performance, and adds support for more web cameras. This is not a security update.
https://www.teamviewer.com/en/download/windows/
WinScan2PDF 6.33 improves detection and operation with some hardware, updates language support, and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF
Developer Updates
These are unlikely to be of interest to most people.
DB Browser for SQLite 3.12.1 resolves several bugs. This is a security update.
https://sqlitebrowser.org/
Inno Setup 6.1.2 adds Print support and resolves several bugs. This is not a security update.
https://www.jrsoftware.org/isdl.php
Node.js 12.20.0 updates libraries and resolves several bugs. This is a security update.
https://nodejs.org/en/
Node.js 14.15.1 is a security update.
https://nodejs.org/en/
Node.js 15.3.0 updates libraries and resolves several bugs. This is a security update.
https://nodejs.org/en/
SQLite 3.34.0 resolves several bugs. This is not a security update.
https://www.sqlite.org/download.html
Web Package Updates
These are likely to be of interest only to web developers.
Adminer 4.7.8 adds support for PHP 8 and disallows connecting to privileged ports. This is not a security update.
https://www.adminer.org/en/
Drupal 9.0.10 is a security update.
https://drupal.org/download
Drupal 9.1.0 resolves several bugs. This is not a security update.
https://drupal.org/download
HumHub 1.7.1 resolves several bugs. This is not a security update.
https://www.humhub.com/en/download
Joomla 3.9.23 is a security update.
https://www.joomla.org/
Nextcloud Server 20.0.2 resolves dozens of bugs. This is not a security update.
https://nextcloud.com/
phpList 3.5.8 adds new functionality to AJAX form and updates libraries. This is not a security update.
https://www.phplist.org/
ScreenConnect 20.12.1734.7640 resolves several bugs. This is not a security update.
https://www.connectwise.com/software/control/download
WordPress 5.6 updates libraries, adds several new features and blocks, a new theme, and more. This is not a security update.
https://wordpress.org/download/
BuddyPress 6.4.0 is a security update.
Contact Form 7 5.3.1 now passes last_contacted based on submission timestamp. This is not a security update.
Multisite Enhancements 1.5.4 fixes favicon. This is not a security update.
Theme My Login 7.1.2 improves stability and resolves several bugs. This is not a security update.
WooCommerce 4.8.0 resolves several bugs. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Regards,
Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/