Before I begin this time I’d like to take a moment to point out the prescient Dilbert comic from Monday. This Tuesday there were more updates released in any single day, throughout the day, than since last Fall. Many, unfortunately, will require reboots.
Microsoft has released an out-of-cycle security update for Internet Explorer. One of the vulnerabilities it corrects is actively being exploited against IE6 and IE7, though this includes updates to IE8 as well. This is a security update. A reboot is required.
Apple has been busy this month:
OSX 10.6.3 and update 2010-002, iPhone Configuration Utility, Final Cut Studio, iMovie, Aperture, Logic Express & Pro, and more than a dozen printer drivers (including a Bounjour Print Services client). This includes several security updates, at least four of which are remotely exploitable and in the wild now. The most common flaw within these vulnerabilities is an overrun within TIFF image processing, which effectively allows an attacker to do anything they like with your Mac if ANY of the flawed applications are installed on your machine, simply by getting you to visit a webpage. This is a security update. Use the “Apple Updater” to get the most recent versions of all affected software. If that doesn’t work (errors are raised during download, for example) use the following link to individually download and install each update (using the Apple Updater as a guide to which downloads are required):
iTunes 9.1 and Quicktime 7.6.6 were also released today. These are both security updates. The vulnerabilities can be exploited simply by opening an evil site (or a trusted site with ads on it) within any browser on your computer. Ideally, you should use the Apple Updater, but if that doesn’t work for you (or you didn’t install it), you can obtain the updates at the links below. If you have iTunes installed, use:
Otherwise, install only the QuickTime update, and ONLY if you already have Quicktime installed:
Java Runtime 6u19 adds a couple dozen bugfixes, including “mitigating” (though not exactly eliminating) more than one significant security issue. This is a security update. All users should update ASAP:
If you’re using a 64bit machine and use both 32bit and 64bit browsers, you should also install the 64bit version, available here:
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.
If you’re using this hardware – these updates are for you.
NVIDIA Forceware 197.13 increases performance and exposed features for several newer games. This is not a security update.
ATI Catalyst Drivers 10.3 introduces support for various additional hardware and mobility support under Windows 7, as well as optimizations for recent games. This is not a security update.
IntelliPoint 7.1 corrects several bugs and enables repeating macros, configured through custom button assignments. This is not a security update.
One or more of these are likely to be of interest to everyone.
Firefox 3.6.2 corrects a half dozen security issues, as well as several other stability bugs. This is a security update. If you have firefox installed, update NOW!
Hamachi 22.214.171.124 provides the simplest VPN setup I’ve ever seen. As no changelog is provided, this should be considered a security update.
Skype 126.96.36.199 fixes a URL security bug as well as a payment issue. This is a security update.
Safari 4.0.5 is a security and stability release. This is a security update.
Opera 10.51 corrects over 2 dozen bugs in the 10.50 version, including two remotely exploitable security bugs. This is a security update.
Trillian for Mac 1.0 Build 105: Universal binary and Facebook/XMPP integration! This is not a security update.
Trillian 1.1 for iPhone: Landscape, Facebook Chat, 7-day signout, various filters, UI improvements and more consistent connection preferences pulled from the desktop application. This is not a security update.
Get it from the App Store.
Yahoo! Messenger 10.0.0.1258 corrects several unidentified security bugs. This is a security update.
GoodSync 8.1.9 fixes a crash on uninstall, logoff issues, provides the ability to sync on a schedule, network queuing for enterprise distribution, adds a new “Good Explorer” system for navigating the remote structure, batch activations, FTP syncing fixes, SFTP security update, and adds a “Sync on Logoff” feature. This is a security update.
uTorrent 2.0 Build 18620 fixes a minor settings bug. This is not a security update.
FileZilla 188.8.131.52 corrects a half-dozen bugs, including issues with site-specific bookmarks & file-renaming. This is not a security update.
SmartFTP 4.0.1085.0 fixes several issues in “find” functionality, as well as a remote browser sorting bug. This is not a security update.
Miranda 0.8.17 provides two new minor features and several fixes to Gadu-Gadu, MSN Messenger and Jabber protocol handling. This is a security update.
One or more of these are likely to be of interest to most people.
Intuit released a 235mb update to QuickBooks that, among other things, corrects a really annoying PDF printing compatibility issue on 64bit machines, as well as Payroll and Sales Tax bug fixes (if you’ve experienced them, you know exactly what I’m talking about). This is not a security update.
Scribus 1.3.6 adds new scripting functionality, usability improvements and broader color palettes, in addition to much anticipated documentation updates. This is not a security update.
Adobe released a security update to Premiere Elements, which should be installed by any Adobe Premier users. This is a security update. Use Help, Check for Updates, or download the updater from the link below:
Security Software Updates
One or more of these is likely to be of interest to most people.
Malwarebytes Anti-Malware 1.45 adds an update scheduler, new flash scan option, web policy blocking, stability and performance improvements, and heuristics engine updates. This is a security update.
SuperAntiSpyware 4.35.1000 introduces “Rootkit Uncover” to help detect and remove deeply hidden malware, as well as engine updates. This version also incorporates a 32/64 merged installer so if you’re downloading for multiple computers you no longer have to worry about whether it’s the right install package. This is a security update.
Note that SAS now provides a portable scanner, too, available here:
AntiVir Personal 10.0.0.561 is a major update for Avira AntiVir. Several additional features (a “pile” of features according to Avira) are included in this releas, including “generic repair” (which attempts to make additional repairs to a system instead of simply deleting the infected files), ProActiv (behavior tracking), improved installation process, and (for the premium version) extensive parental control features. This is a security update.
These are unlikely to be of interest to most people.
Picasa 3.6 Build 105.56 corrects numerous crash bugs and a couple translation errors. This is not a security update.
CDBurnerXP 184.108.40.2067 adds additional functionality, as well as a dozen bugs. This is not a security update.
ImgBurn 220.127.116.11 adds numerous features, and corrects dozens of bugs. This is not a security update.
Any Video Converter 3.04 incorporates newer codecs and hardware support. This is not a security update.
Windows 7 Codec Package 2.4.5 updates several codecs, corrects several MKV handling issues, and fixes a couple interface bugs. This is not a security update.
Vista Codec Package 5.6.5 updates several codecs and fixes a couple interface bugs. This is not a security update. Note that Vista Codec Package DOES support Windows XP. If you’re having trouble on an older machine getting web or downloaded audio or video to play, try this Codec package!
These are unlikely to be of interest to most people.
VirtualBox 18.104.22.168338, the first release since the Oracle buyout of Sun, provides several dozen fixes, including stability and performance changes. This is not a security update.
iPhone Configuration Utility 2.2 and MobileMe Control Panel 1.5.1 both add support for the iPad, as well as correcting other issues, including the TIFF security issue detailed above. If you don’t use these applications, don’t install them. 🙂 This is a security update.
http://support.apple.com/kb/DL926 (iPhone Config)
http://support.apple.com/kb/DL769 (MobileMe CP)
CPU-Z 1.54 provides additional hardware detection support. This is not a security update.
GPU-Z 0.4.0 includes support for newer hardware, as well as correcting a couple minor bugs. This is not a security update.
CCleaner 2.30.1130 improves performance and reliability for cleaning. This is not a security update.
Microsoft has released updates to several SysInternals tools, including Process Explorer (expands upon the categorical details within each process), VMMap (correcting a mathematical error under 64bit) and DiskView (providing better disk mapping performance). This is not a security update.
Web Package Updates
These are likely to be of interest only to web developers.
phpMyAdmin 3.3.1 corrects a handful of bugs, primarily related to the recent user interface changes. This is not a security update.
That’s all for now folks. Keep it clean out there. 😉
Shawn K. Hall