Patch Tuesday January 2015

Patch Tuesday

Patch Tuesday January 2015: welcome to a new year of security updates for your business technology! The second Tuesday of the month is the day designated by many software vendors for releasing updates and security patches for their software.

Hot Flash

It’s cold out there and Adobe has decided we all need a hot Flash update. By all, I mean this update which fixes over 15 security problems applies to Windows, Mac and Linux. Google will release an update for Chrome shortly to fix Flash in that browser but every other desktop browser needs a little update. Best to go here in each browser and run the update. Be sure to uncheck whatever crapware Adobe tries to bundle with it. Technical details about the patch here.

WordPress Patchwork

WordPress 4.1 aka Dinah was released on December 18th and the result was most plugins were updated as well.

Here are the steps you need to take:

  1. Backup your web site
  2. Update your WordPress installation from the Dashboard
  3. Go to Plugins on the Menu, click them all, click Bulk Actions and select Update All.

This will take your web site offline for about 20 minutes in total depending on your web host.

Bite of the Apple

Apple released four patches covering almost of the their products in December (Safari, iPhone 4 and later, iPod Touch 5th generation, iPad2 and later, OS X Mavericks, Mountain Lion and Yosemite). Details here. Be sure to check the Apple Software Update tool on your devices.

Apple has not had time to patch the Thunderstrike bootkit that affects products produced since 2011. Weird proof of concept was published earlier this month, details here, it does require the hacker to have physical access to your mac to install the bootkit. We should see a patch from Apple soon for this one.

Microsoft

Is your Windows computer getting slow? Internet Slow? It’s downloading 7 or 8 security updates right now. One of the patches from Microsoft is considered critical, the rest are important.

Schedule some time this week to make sure these patches are installed and yes you will have to reboot your computer.

Google’s non-patch for Android Phones

Google has decided not to patch a security vulnerability that affects 60 per cent of all Android phones. I guess they decided this was the best way to force people to upgrade their gear. More details here. Affects Android 4.3 and lower.

Corel Products

Several Corel photo, video and media editing programs contain a vulnerability that allows hackers to take control of your PC. It doesn’t appear to affect their flagship product WordPerfect. If you are using CorelDraw or CorelPaint or programs listed in this article, be careful out there.

Corel has not released any patches for this or even responded to media requests for comment about the vulnerability.

Remember an ounce of patching is cheaper than a pound of pwning.