Patch Tuesday January 2017: all the patch news you need for your business this month.
Patch Tuesday January 2017
First some general news. CVE Details, a group that tracks most of the tech world vulnerabilities, released their 2016 list of top vulnerabilities. Android had the most security holes last year but by vendor, Adobe tops the list mainly for Flash.
After analyzing the top list for 2016 by product and vendor, I recommend you patch Android devices first, then Apple devices (both iThingys and OS X devices) and then Microsoft. The reason why I picked Apple is that it is number 4 on the list per vendor (behind Microsoft) but people neglect Apple updates. And they underestimate the threat to Apple products. There are lots of ransomware apps and browser hijackers aimed at Apple products.
What a surprise, yet another Hot Flash update from Adobe this month for both Windows and Mac users. And it fixes vulnerabilities Adobe says are not being used by hackers yet. Give the hackers a day to backwards engineer the patch.
The most appalling update from Adobe this month is for Acrobat and Reader. As usual Adobe is bundling crapware with this security update. But what they are concealing is that in the update is an add-in for Chrome which sends telemetry back to Adobe. So Adobe is using this update to spy on your browsing of PDFs files on the Internet.
You can uninstall this add-in in Chrome but really. This why people don’t like to run updates.
Besides fixing a Word security problem, only three other updates from Microsoft this month.
I suspect this is a light load while they prepare the new big update for Windows 10 aka Creator’s Update that is due out in the next few months.
The WordPress core was just updated last month to version 4.7. And now there is version 4.7.1. This is a security update for vulnerabilities that are actively being hacked. Protect your website and update the WordPress core, all plugins and themes. Be sure to back up your site before you do the update.
An ounce of patching is better than a pound of hacking.