Patch Tuesday July 2018: all the security patch information you need for your small business.
All these patches are rated category 2 which in Adobe security speak means that as far Adobe knows these security holes are not yet being used by hackers. Now the hackers can reverse engineer the patches to attack unpatched machines.
To make sure you get the updates, in Acrobat and Reader, go to Help on the menu and click Check For Updates. Chrome and Windows will install the latest Flash updates automatically. If you’re using Firefox, you’ll need to go to https://get.adobe.com/flashplayer/
Adobe also released patches for their video software Adobe Connect. Before you need it for a meeting, download the latest software from https://helpx.adobe.com/adobe-connect/connect-downloads-updates.html
Bite of the Apple
July 9th, Apple released iOS 11.4.1 for iThingys everywhere. This version patches bugs with ear pods and more importantly connection with Exchange servers. For security, this version also makes it harder to break into devices via the lightning port. Apple also released updates for iTunes,Apple Watch, Apple TV and the HomePod and mac High Sierra and above.
Why update? Recently I’ve had several clients who had broken business applications because they didn’t have the latest version of iOS and couldn’t get the latest version of the app.
In other Apple news, Chrome will no longer work on Maverick and earlier versions. These leaves holdouts with only Safari browsing which won’t work on a lot web sites.
These will probably be the last updates until the fall when iOS 12 is due and also macOS Mojave. See this article for a preview of Mojave https://arstechnica.com/gadgets/2018/06/macos-mojave-a-visual-tour-of-dark-mode-and-other-major-features/
Microsoft patched over 50 bugs on Patch Tuesday most of them related to the browsers Edge and Internet Explorer. The Office bug patched affects both Office 2016 for Windows and Mac. There are also patches for .net framework (for most offices, .net framework is essential for running databases and accounting software).
My advice is run the updates just before you finish for the day. Make sure you reboot before you leave. Most of the Windows update action happens after you have rebooted or restarted the computer. As always you have a good backup before running updates.
The Spectre of Intel
In response to the Spectre CPU vulnerability, Intel is now releasing quarterly updates on CPU vulnerabilities. However you have to wait for the motherboard manufacturers to release the patches for your affected CPU. And the motherboard manufacturers are only going to release patches for their most recent products. There is no monetary incentive for them to update older equipment, they’d rather force you to buy new. As with the Internet of Things, the firmware manufacturers won’t patch their security problems and the whole mess is too complicated for average businesses and consumers.
If you get a notification on your computer from the manufacturer that you need to install device updates, you should do it. If you’re not sure where the notification came from, go to the manufacturer web site and look up your model. Do not use all driver web sites, they’re nothing but malware and virus hives.
Remember an ounce of patching is cheaper than a pound of hacking. Schedule time to update your devices.