You can check your version of FLASH at:
http://www.adobe.com/software/flash/about/
…from Apple
Date: Thu, 28 Apr 2016 15:05:32 -0700
From: Apple Product Security
Subject: APPLE-SA-2016-04-28-1 OS X: Flash Player plug-in blocked
APPLE-SA-2016-04-28-1 OS X: Flash Player plug-in blocked
Due to security and stability issues in older versions, Apple
has updated the web plug-in blocking mechanism to disable all
versions prior to Flash Player 21.0.0.226 and 18.0.0.343.
Information on blocked web plug-ins will be posted to:
http://support.apple.com/en-us/HT202681
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
…from:
http://opendata.cern.ch/about
http://www.engadget.com/2016/04/23/cern-300tb-large-hadron-collider-data/
http://techcrunch.com/2016/04/22/cern-releases-300tb-of-large-hadron-collid…
CERN Open Data Portal
The CERN Open Data portal is the access point to a growing range of data produced through the research performed at CERN. It disseminates the preserved output from various research activities, including accompanying software and documentation which is needed to understand and analyse the data being shared.
The portal adheres to established global standards in data preservation and Open Science: the products are shared under open licenses; they are issued with a digital object identifier (DOI) to make them citable objects in the scientific discourse (see details below on how to do this).
LHC Data
Data produced by the LHC experiments are usually categorised in four different levels (DPHEP Study Group (2009)<http://arxiv.org/abs/0912.0255>). The Open Data portal focuses on the release of data from level 2 and 3.
* Level 1 data comprises data that is directly related to publications which provide documentation for the published results
* Level 2 data includes simplified data formats for analysis in outreach and training exercises
* Level 3 data comprises reconstructed data and simulations as well as the analysis level software to allow a full scientific analysis
* Level 4 covers basic raw level data (if not yet covered as level 3 data) and their associated software and allows access to the full potential of the experimental data
CERN releases 300TB of Large Hadron Collider data into open access
CERN just dropped 300 terabytes of collider data on the world.
Kati Lassila-Perini, a physicist who works on the Compact Muon Solenoid<http://home.cern/about/experiments/cms> (!) detector, gave a refreshingly straightforward explanation for this huge release.
“Once we’ve exhausted our exploration of the data, we see no reason not to make them available publicly,” she said in a news release accompanying the data<http://cms.web.cern.ch/news/cms-releases-new-batch-research-data-lhc>. “The benefits are numerous, from inspiring high school students to the training of the particle physicists of tomorrow. And personally, as CMS’s data preservation coordinator, this is a crucial part of ensuring the long-term availability of our research data.”
Amazing that this perspective is not more widely held — though I suspect it is, by the scientists at least, if not the publishers and department heads who must think of the bottom line.
The data itself is from 2011, much of it from protons colliding at 7 TeV (teraelectronvolts, you know) and producing those wonderful fountains of rare particles we all love to fail to understand. All told, it’s about half the total data collected by the CMS detector, and makes up about 2.5 inverse femtobarns. But who’s counting?
There’s both the raw data from the detectors (so you can verify the results) and also “derived” datasets that are more easy to work with — and don’t worry, CERN is providing the tools to do so<http://opendata.cern.ch/search?p=Run2011A%20collection%3ACMS-Tools>, as well. There’s a whole CERN Linux environment ready for booting up in a virtual machine, and a bunch of scripts and apps (some are on GitHub<https://github.com/cms-outreach/ispy-webgl>, too).
Just messing around in the same computing environment used by researchers plumbing the depths of the universe would be an interesting way to spend a few labs in a college physics course. There are even “masterclasses,” data sets and tools specially curated for high school kids.
This is only the latest of several data dumps, but it’s also by far the largest. A more detailed explanation of the types of data and how they can be accessed is right here<http://opendata.cern.ch/about/CMS>.
…from:
https://www.us-cert.gov/ncas/alerts/TA16-105A
http://www.macrumors.com/2016/04/14/apple-ending-quicktime-windows-support/
http://9to5mac.com/2016/04/14/quicktime-for-windows-update/
…others
For Windows users who want to uninstall QuickTime, Apple has published a support document<https://support.apple.com/en-us/HT205771> that outlines all of the necessary steps. QuickTime for Mac is not affected.
The retirement of QuickTime for Windows has been in the planning stages for at least a few months. Apple has not yet supported QuickTime for Windows 8 or 10, although some users found ways to work around the restriction. The January update removed the browser plugin for QuickTime, making it impossible for video on websites to seamlessly play in a user's browser. As a result, there's little chance QuickTime vulnerabilities could be harnessed into a drive-by download exploit. Instead, exploits would have to rely on social engineering that convinces a user to download a video and open it in QuickTime.
For those wondering, iTunes and QuickTime were separated out a couple of years ago and iTunes no longer requires QuickTime to run properly.
Alert (TA16-105A)
Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
Original release date: April 14, 2016
Systems Affected
Microsoft Windows with Apple QuickTime installed
Overview
According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1]<http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-t…>
Description
All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1]<http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-t…>
The Zero Day Initiative has issued advisories for two vulnerabilities found in QuickTime for Windows. [2]<http://zerodayinitiative.com/advisories/ZDI-16-241/> [3]<http://www.zerodayinitiative.com/advisories/ZDI-16-242/>
Impact
Computer systems running unsupported software are exposed to elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss. Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems.
Solution
Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime<https://support.apple.com/en-us/HT205771> page. [4]
References
* [1] Trend Micro - Urgent Call to Action: Uninstall QuickTime for Windows Today<http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-t…>
* [2] Zero Day Initiative Advisory ZDI 16-241: (0Day) Apple QuickTime moov Atom Heap Corruption Remote Code Execution Vulnerabilit<http://zerodayinitiative.com/advisories/ZDI-16-241/>
* [3] Zero Day Initiative Advisory ZDI 16-242: (0Day) Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulner<http://www.zerodayinitiative.com/advisories/ZDI-16-242/>
* [4] Apple - Uninstall QuickTime 7 for Windows<https://support.apple.com/en-us/HT205771>
Revisions
* April 14, 2016: Initial Release
tl;dr: New version of FLASH to prevent an attacker from taking control of the affected system.
…from:
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: April 7, 2016
Vulnerability identifier: APSB16-10
Priority: See table below<https://helpx.adobe.com/security/products/flash-player/apsb16-10.html#table>
CVE number: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
Platform: Windows, Macintosh, Linux and ChromeOS
Summary
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01<https://helpx.adobe.com/security/products/flash-player/apsa16-01.html> for details.
Affected Versions
Product | Affected Versions | Platform
Adobe Flash Player Desktop Runtime | 21.0.0.197 and earlier | Windows and Macintosh
Adobe Flash Player Extended Support Release | 18.0.0.333 and earlier | Windows and Macintosh
Adobe Flash Player for Google Chrome | 21.0.0.197 and earlier | Windows, Macintosh, Linux and ChromeOS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 21.0.0.197 and earlier | Windows 10
Adobe Flash Player for Internet Explorer 11 | 21.0.0.197 and earlier | Windows 8.1
Adobe Flash Player for Linux | 11.2.202.577 and earlier | Linux
* To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page<http://www.adobe.com/products/flash/about/>, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution
Adobe categorizes these updates with the following priority ratings<https://helpx.adobe.com/content/help/en/security/severity-ratings.html> and recommends users update their installation to the newest version:
Product | Updated Versions | Platform | Priority rating | Availability
Adobe Flash Player Desktop Runtime | 21.0.0.213 | Windows and Macintosh | 1 | Flash Player Download Center<http://www.adobe.com/go/getflash>, Flash Player Distribution<http://www.adobe.com/products/players/flash-player-distribution.html>
Adobe Flash Player Extended Support Release | 18.0.0.343 | Windows and Macintosh | 1 | Extended Support<http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html>
Adobe Flash Player for Google Chrome | 21.0.0.213 | Windows, Macintosh, Linux and ChromeOS | 1 | Google Chrome Releases<http://googlechromereleases.blogspot.com/>
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 21.0.0.213 | Windows 10 | 1 | Microsoft Security Advisory
Adobe Flash Player for Internet Explorer 11 | 21.0.0.213 | Windows 8.1 | 1 | Microsoft Security Advisory
Adobe Flash Player for Linux | 11.2.202.616 | Linux | 3 | Flash Player Download Center<http://www.adobe.com/go/getflash>
* Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.213 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center<http://www.adobe.com/go/getflash>.
* Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.343 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
* Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.616 by visiting the Adobe Flash Player Download Center<http://www.adobe.com/go/getflash>.
* Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.213 for Windows, Macintosh, Linux and Chrome OS.
* Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
* Adobe Flash Player installed with Internet Explorer for Windows 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
* Please visit the Flash Player Help<https://helpx.adobe.com/flash-player.html> page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.
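The following is an added example, not part of the Adobe bulletin or the Apple advisory: a fleet check of installed Flash builds against the fixed versions listed above. Comparing every build against 21.0.0.213 would flag the patched 18.x and 11.2.x releases, and comparing version strings as text would rank 21.0.0.99 above 21.0.0.213. Keying the thresholds by the first version component, and the host names and inventory, are assumptions of this example.

```python
# Added example: fixed builds per release branch (first version component),
# copied from the APSB16-10 "Updated Versions" table above.
APSB16_10_FIXED = {21: "21.0.0.213", 18: "18.0.0.343", 11: "11.2.202.616"}
# Minimum builds Apple's plug-in blocker still allows (APPLE-SA-2016-04-28-1).
APPLE_BLOCK_MIN = {21: "21.0.0.226", 18: "18.0.0.343"}


def parse_version(text):
    """Turn '21.0.0.197' (or '21,0,0,197') into the tuple (21, 0, 0, 197)."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)


def is_outdated(installed, fixed_by_branch):
    """True if `installed` is older than the fixed build for its branch."""
    version = parse_version(installed)
    if version[0] > max(fixed_by_branch):
        return False          # newer branch than anything in the table
    fixed = fixed_by_branch.get(version[0])
    if fixed is None:
        return True           # no fixed build listed for this branch (e.g. 20.x)
    return version < parse_version(fixed)   # numeric, component by component


def audit(inventory, fixed_by_branch):
    """Return the sorted host names whose Flash build is outdated."""
    return sorted(h for h, v in inventory.items() if is_outdated(v, fixed_by_branch))


# Constructed inventory (hypothetical host names) for illustration.
SAMPLE_INVENTORY = {
    "win-desk-01": "21.0.0.197",    # affected desktop runtime
    "win-desk-02": "21.0.0.213",    # patched per APSB16-10
    "mac-esr-01": "18.0.0.343",     # patched ESR; lower number than 21.0.0.213
    "win-old-01": "20.0.0.306",     # build named in the CVE-2016-1019 reports
    "linux-01": "11.2.202.616",     # patched Linux build
    "win-desk-03": "21.0.0.99",     # string comparison would rank this above .213
}

if __name__ == "__main__":
    print("APSB16-10 outdated:", audit(SAMPLE_INVENTORY, APSB16_10_FIXED))
    print("Apple-blocked:     ", audit(SAMPLE_INVENTORY, APPLE_BLOCK_MIN))
```

A build of 21.0.0.213 passes the APSB16-10 check but is still below Apple's 21.0.0.226 blocking threshold, so the two policies are kept as separate tables.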
Vulnerability Details
* These updates harden a mitigation against JIT spraying attacks that could be used to bypass memory layout randomization mitigations (CVE-2016-1006).
* These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-1015, CVE-2016-1019).
* These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031).
* These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033).
* These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2016-1018).
* These updates resolve a security bypass vulnerability (CVE-2016-1030).
* These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-1014).
Acknowledgments
* Yuki Chen of Qihoo 360 Vulcan Team working with Trend Micro's ZDI (CVE-2016-1015, CVE-2016-1016, CVE-2016-1017)
* Tencent PC Manager<http://www.pcmgr-global.com/> working with Trend Micro's ZDI (CVE-2016-1018)
* Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero (CVE-2016-1011, CVE-2016-1013)
* willj of Tencent PC Manager<http://www.pcmgr-global.com/> (CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033)
* Stefan Kanthak (CVE-2016-1014)
* bo13oy of CloverSec Labs (CVE-2016-1012)
* Kang Yang of Qihoo 360 (CVE-2016-1006)
* Nicolas Joly of Microsoft's security team (CVE-2016-1030)
* Kafeine (EmergingThreats/Proofpoint) and Genwei Jiang (FireEye, Inc.), as well as Clement Lecigne of Google (CVE-2016-1019)