Tag: Apple Security

Standard User Account: Secure your computer with this one simple technique

by Greg Johnson, posted in Tech Tips

A government computer security news alert issued on 22 October 2015 offered this simple advice:

“Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.”

There are a lot of countermeasures to prevent or reduce the impact of malware, hackers, and viruses. Yet, none are as simple and sophisticated as creating and using a standard user account.

Configuration

Here’s how to configure a standard user account.

  1. In Control Panel (for Windows) or System Preferences (for Apple), go to Users.
  2. Create a new administrative-level user account. You’ll need to make sure you’re giving this new account administrative rights. The account should have a password as well — one that you won’t forget.
  3. Create a new visitor account with limited access (standard user) for any friends and family who might be using your computer.
  4. Login to the new administrative-level account.
  5. Go to Control Panel > Users.
  6. Set your original user account to be configured as a Standard account.
  7. Logout
  8. Login to your personal account.

Usage

On a day-to-day basis, use your newly configured personal account with limited rights. That way any virus or hacker who has access to your account can’t perform any administrative tasks.

Once a week, or as frequently as seems necessary, login to the administrative account and perform all updates.

Caution

For some versions of Windows, a new user account is created with standard rights by default. So for an administrative account you’ll need to specifically go in and set the rights to administrator. You need to be careful not to end up with no administrative account left on the computer. If that happens, it becomes unusable (at least not updatable).

Be careful to only perform updates and software installation in the administrative account. Don’t install questionable software or visit any unusual websites.

Here’s Why Apple Makes the Best Windows Computer

by Greg Johnson, posted in Security, Tech Tips

Apple computers have the ability to run Windows, Linux, and Apple operating systems. Here are some reasons why purchasing an Apple laptop or desktop computer is a good decision for Windows users.

  1. Design. Apple computers are known for their beautiful design. This makes them pleasant to interact with.
  2. Displays. Apple has always had nice computer displays and the latest computers include Retina display technology in their laptop and high-end desktop computers. With ambient light sensors and keyboard controlled brightness, you can personalize the display making it very easy on your eyes.
  3. Keyboard. The Apple wireless or wired keyboards are excellent for those working long hours on the computer. The keys have short travel, and entry errors are almost non existent. Apple keyboards feature short-travel keys, which means your fingers don’t need to push the keys down as far, and you can type faster with less effort.
  4. Multiple Operating Systems. Using a product like VMWare Fusion, you can run multiple operating systems on an Apple computer. You can have Apple, Windows, and Linux. If you’re a computer and technical support professional, you’ll likely need to support Apple and Windows computers. With virtual computing, you could have Windows 7, Windows 8, and Windows 10 running at the same time.
  5. Portability. The newer MacBook computers are thiner and lighter than previous models. The new MacBook, MacBook Air, and MacBook Pro computers are very thin and light.
  6. Security. Although Apple computers aren’t entirely impervious to viruses, they are much more secure than Windows computers.
  7. Space Savings. Apple iMac computers are slim and accommodate an aluminum wireless keyboard that takes up very little desk space.
  8. Touch Pad. For those concerned about repetitive stress injuries, the Apple touchpad is essential. It’s highly accurate, easy to use, and with multiple gestures that require a very light touch.
  9. Voice Dictation. Apple uses the same Siri voice recognition technology in their desktop/laptop operating system as with the iPhone. It’s quite accurate in a quiet environment.

20150225we-apple-computer-renewable-energy-santa-monica

Apple ID Two-step Verification

by Greg Johnson, posted in How To, Security, Tech Tips

Two-step verification is now available for Apple ID account holders. The information below is an overview from the Apple website. You need to sign-in to see these instruction on the Apple site, which you probably can’t do if you’re having trouble with logging in.

Two-step verification for Apple ID.

With two-step verification, your identity will be verified using one of your devices before you can make changes to your account, sign in to iCloud, or make iTunes or App Store purchases from a new device.

(1) You enter your Apple ID and password as usual.

step 1

(2) We send a verification code to one of your devices.

step 2

(3) You enter the code to verify your identity and complete sign in.

step 3

You will also get a Recovery Key for safekeeping which you can use to access your account if you ever forget your password or lose your device.

Simple and more secure.

Once enabled, the only way to make changes to your account will be to sign in with two-step verification.

  • There will be no security questions for you to remember or for other people to guess.
  • Only you will be able to reset your password.
  • If you forget your password, you can reset it with a trusted device and your Recovery Key.

For more information, read the FAQ.

Important things to remember.

Please make sure you understand the important security policies below before you turn on two-step verification.

  • With two-step verification enabled, you will always need two of the following to manage your Apple ID:
    • Your password
    • A trusted device
    • Your Recovery Key
  • If you forget your password, you will need your Recovery Key and a trusted device to reset it. Apple will not be able to reset your password on your behalf.
  • App-specific passwords will be required to use iCloud with any third party mail, contacts, or calendar apps.

Multiple Security Vulnerabilities in Apple Mac OS X and Apple Safari

by Greg Johnson, posted in Security

From: State of Iowa – Information Security Office

Date Issued:  May 5, 2015

Maximum Risk Rating/Severity:  High

Brief Summary: All Apple computers (prior to v10.10.3) are vulnerable to the 46 security exploits described below. Update to the latest version of Yosemite immediately.

Overview:

Multiple vulnerabilities have been discovered in Apple MAC OS X and Apple Safari. Mac OS X is an operating system for Apple computers. Apple Safari is a web browser available for Mac OS X and Microsoft Windows. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage, or opens a specially crafted file, including an email attachment, using a vulnerable version of OS X.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user, remote code execution within the context of the application, and bypass of security systems. Failed attacks may cause a Denial of Service condition within the targeted delivery method. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 

Affected Software:

Apple Mac OS X Yosemite prior to v10.10.3

Apple Mac OS X Mavericks v10.9.5

Apple Mac OS X Mountain Lion v10.8.5

Apple Safari v8.0.5, 7.1.5, and 6.2.5

Description:

Multiple remote code execution vulnerabilities have been discovered in Mac OS X that could allow remote code execution. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file. Details of these vulnerabilities are as follows:

  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to privilege escalation due to an issue with checking XPC entitlements (CVE-2015-1130).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 have multiple vulnerabilities in Apache prior to versions 2.4.10 and 2.2.29 including one that may allow a remote attacker to execute arbitrary code (CVEs 2015-1066, 2013-5704, 2013-6438, 2014-0098, 2014-0117, 2014-0118, 2014-0226, and 2014-0231).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion 10.8.5, and OS X Mavericks v10.9.5 ATS (Apple Type Services) are prone to multiple input validation issues in fontd which may allow a local user to execute arbitrary code with system privileges (CVEs 2015-1131, 2015-1132, 2015-1133, 2015-1134, and 2015-1135).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a cross-domain cookie issue which may result in cookies belonging to one origin may be sent to another origin (CVE-2015-1089).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a cross-domain HTTP request issue which may result in authentication credentials being sent to a server on another origin (CVE-2015-1091).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue which may result in the execution of arbitrary code by visiting a maliciously crafted website (CVE-2015-1088).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a use-after-free issue in CoreAnimation which may result in the execution of arbitrary code by visiting a maliciously crafted website (CVE-2015-1136).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple memory corruption issues in the processing of font files, which may result in the execution of arbitrary code by processing a maliciously crafted font file (CVE-2015-1093).
  • Apple Mac OS X Yosemite prior to v10.10.2 and OS X Mavericks v10.9.5 are prone to an issue with NVIDIA graphics driver’s handling of certain IOService userclient types, which may allow a local user to execute arbitrary code with system privileges (CVE-20215-1137).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue in the hypervisor framework which may allow a local application to cause a denial of service (CVE-2015-1138).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the handling of .sgi files which may result in the execution of arbitrary code by processing a maliciously crafted .sgi file (CVE-2015-1139).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue which may allow a malicious HID (Human Interface Device) to cause arbitrary code execution (CVE-2015-1095).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a buffer overflow issue which may allow a local user to execute arbitrary code with system privileges (CVE-2015-1140).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prune to a kernel memory content disclosure issue which may allow a local user to determine kernel memory layout (CVE-2015-1096).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to a heap buffer overflow in the IOHIDFamily’s handling of key-mapping properties which may allow a malicious application to execute arbitrary code with system privileges (CVE-2014-4404).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to a null pointer deference issue in the IOHIDFamily’s handling of key-mapping properties which may allow a malicious application to execute arbitrary code with system privileges (CVE-2014-4405).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to an out-of-bounds issue in the IOHIDFamily driver which may allow a use to execute arbitrary code with system privileges (CVE-2014-4380).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue in the handling of virtual memory operations within the kernel which may allow a local user to cause unexpected system shutdown (CVE-2015-1141).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a race condition in the kernel’s setreuid system call which may allow a local user to cause a system denial of service (CVE-2015-1099).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to setreuid and setregid system calls not dropping privileges permanently which may allow a local application to escalate privileges (CVE-2015-1117).
  • Apple Mac OS X Yosemite prior to v10.10.2 ICMP redirects were enabled by default, which may allow an attacker with a privileged network position to redirect user traffic to arbitrary hosts (CVE-2015-1103).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue processing TCP headers which may allow an attacker with a privileged network position to cause a denial of service (CVE-2015-1102).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an out of bounds memory access issue which may allow a local user to cause unexpected system termination or read kernel memory (CVE-2015-1100).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to improper treatment of some IPv6 packets which may allow a remote user to bypass network filters (CVE-2015-1104).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the kernel which may allow a local user to execute arbitrary code with kernel privileges (CVE-2015-1101).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a state inconsistency issue in the handling of TCP out of band data which may allow a remote attacker to cause a denial of service (CVE-2015-1105).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue in LaunchService’s handling of application localization data which may allow a local user to cause the Finder to crash (CVE-2015-1142).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a type confusion in LaunchService’s handling of localized strings which may allow a local user to execute arbitrary code with system privileges (CVE-2015-1143).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue in the handling of configuration profiles which may allow the processing of a maliciously crafted configuration profile to cause unepxted application termination (CVE-2015-1118).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to weak key generation in ntpd when an authentication key is not configured which may allow a remote attacker to brute force ntpd authentication keys (CVE-2014-9298).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple input validation issue in OpenLDAP which may allow a remote unauthenticated client to case a denial of service (CVEs 2015-1545 and 2015-1546).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple vulnerabilities in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers (CVEs 2014-3569, 2014-3570, 2014-3571, 2014-3572, 2014-8275, and 2015-0204).
  • Apple Mac OS X Yosemite prior to v10.10.2 and OSX Mavericks v10.9.5 are prone to an Open Directory Client issue which may allow an unencrypted password to be sent over the network when using Open Directory from OS X Server (CVE-2015-1147).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple vulnerabilities in PHP, including one which may lead to arbitrary code execution (CVEs 2013-6712, 2014-0207, 2014-0237, 2014-0238, 2014-2497, 2014-3478, 2014-3479, 2014-3480, 2014-3487, 2014-3538, 2014-3587, 2014-3597, 2014-3668, 2014-3669, 2014-3670, 2014-3710, 20214-3981, 2014-4049, 2014-4670, 2014-4698, and 2014-5120).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the handling of iWork files which may allow an opened, maliciously crafted iWork file to execute arbitrary code (CVE-2015-1098).
  • Apple Mac OS X Mountain Lion v10.8.5 is prone to a heap buffer overflow which may allow viewing a maliciously crafted Collada file to lead to arbitrary code execution (CVE-2014-8830).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue that may allow a user’s password to be logged to a local file (CVE 2015-1148).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue that may allow tampered applications to launch (CVEs 2015-1145 and 2015-1146).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue in WebKit that may result in arbitrary code execution after visiting a maliciously crafted website (CVE-2015-1069).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that may allow users to be tracked by malicious websites using client certificates (CVE-2015-1129).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that may allow user’s browsing history in private browsing mode to be revealed (CVE-2015-1128).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that will cause the incomplete purging of a user’s browsing history (CVE-2015-1112).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple memory corruption issues in WebKit that may result in unexpected application termination or arbitrary code execution after visiting a maliciously crafted website (CVEs 2015-1119, 2015-1120, 2015-1121,2015-1122, and 2015-1124).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a state management issue that may result in a user’s browsing history in private mode being indexed (CVE02015-1127).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a an issue in WebKit’s credential handling for FTP URLs that may result in resources of another origin being accessed after visitng a maliciously crafted website (CVE-2015-1126).
  • Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user, remote code execution within the context of the application, and bypass of security systems. Failed attacks may cause a Denial of Service condition within the targeted delivery method. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution/Recommendations:

We recommend the following actions be taken:

  • Upgrade to Apple Mac OS X Yosemite 10.10.3 immediately after appropriate testing.
  • Apply appropriate updates provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept, or execute files from un-trusted or unknown sources.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

Apple References:

20140226we-apple-computer-security-500x500

Bash Shellshock Bug Vulnerability Exploit Patch

by Greg Johnson, posted in Security, Tech Tips

Summary

Some people are calling the Bash Shellshock Bug the worst thing since the Heartbleed Virus. Others are saying that the vulnerability isn’t as bad as reported since it won’t directly effect most users. The truth is probably somewhere in between. This document offers an introduction into what the Bash exploit is and what you can do about it.

Bash Facts

Here are a few facts about Bash.

  • “Bash or the Bourne again shell, is a UNIX-like shell, which is perhaps one of the most installed utilities on any Linux system. From its creation in 1980, Bash has evolved from a simple terminal based command interpreter to many other fancy uses. In Linux, environment variables provide a way to influence the behavior of software on the system. They typically consists of a name which has a value assigned to it. The same is true of the Bash shell. It is common for a lot of programs to run Bash shell in the background. It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc) or even provide limited command execution support (git, etc)” (source)
  • “Bash is present on every Linux distribution, almost every UNIX system, many Android phones, thousands upon thousands of embedded OS versions on hardware devices — and on every version of Mac OS X ever shipped.” (source)
  • “This patch doesn’t even BEGIN to solve the underlying shellshock problem. This patch just continues the ‘whack-a-mole’ job of fixing parsing errors that began with the first patch. Bash’s parser is certain have many many many other vulnerabilities; it was never designed to be security-relevant.” (source)

Quick Test for Bash Vulnerability

Using Terminal, you can enter the following commands to test for Bash vulnerability.

  • env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

If you type that, and only get the message “this is a test” then your system is most likely not vulnerable (other exploits are currently being evaluated, so don’t assume you’re completely protected). However, if you also see the word “vulnerable” generated, then your system is vulnerable.

If you run the above example with the patched version of Bash, you should get an output similar to:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

Ubuntu Users

If you’re a user of the latest version of Ubuntu (14) and have been installing system updates regularly, your computer has likely already been patched.

Resources

Rather than recreating here what has already been posted elsewhere, the following resources have been gathered to provide the information you need and save you from searching the web through thousands of articles.

20140928su-computer-security-news-672x372

Microsoft Office 2011 Mac Security Vulnerabilities Update

by Greg Johnson, posted in Computer Support, Security

20140410th-microsoft-office-2011-mac-security-update

Introduction

This update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.

What You Need To Do

To install this update, simply start one of the Microsoft Office applications, such as Word, and the update dialog (shown above) should appear. Click Install and follow the instructions. The rest of this document goes into more details about the update.

Summary

Microsoft has released security bulletin MS14-017. This security bulletin contains all the relevant information about the security update for Microsoft Office for Mac 2011. To view the complete security bulletin, go to the following Microsoft website:

https://technet.microsoft.com/security/bulletin/MS14-017

In addition to the application improvements that are mentioned here, Office for Mac 2011 is now available as a subscription offering. For more information about subscription, see Frequently Asked Questions.

Details

This update provides the latest fixes for Office for Mac 2011. These include the following:

  • Improves synchronization of blocked senders for Microsoft Exchange Server 2013 and Microsoft Exchange Online accounts in Microsoft Outlook for MacThis update fixes an issue that causes the blocked sender list not to synchronize with the Exchange server when a message is moved immediately after you use the Block Sender action.
  • Improves the ability to recover from certain network errors when you connect by using POP in Outlook for MacThis update fixes an issue that causes Outlook for Mac to re-download the contents of the inbox for POP accounts for certain connection errors.
  • Improves the ability to recover from errors when you try to update the Offline Address Book in Outlook for MacThis update fixes an issue that causes Outlook for Mac not to download the Offline Address Book when certain errors are detected.
  • Improves synchronization of folder hierarchies added by using “Open Other User’s Folder” in Outlook for MacThis update fixes an issue that causes Outlook for Mac to synchronize the folder hierarchies that were added by usingOpen Other User’s Folder too frequently.
  • Increases the data validation control capabilities in Excel for MacThis fix increases the data validation control capabilities from 1,024 entries to 2,048 entries.
  • Improves the ability to respond and recover from certain Exchange server errors in Outlook for MacThis update fixes an issue that causes Outlook for Mac to send too many Exchange server requests when Outlook for Mac receives certain errors from the server.
  • Improves the ability to manage responses for meetings that are sent to distribution lists in Outlook for MacThis update fixes an issue that causes meetings that are sent to distribution lists in which the Request Responses option is not selected to display response options when attendees view meetings in the Calendar view.
  • Improves the ability to create Microsoft Lync for Mac online meetings in Outlook for MacThis update fixes an issue that causes Outlook for Mac to stop responding when you try to schedule an online meeting by using Lync for Mac. This issue occurs when certain information, such as a toll-free number, is missing from the dial-in conference settings.
  • Improves Microsoft Word pointer displayThis update fixes an issue that causes mouse pointers to disappear in sections of documents.
  • Improves the experience for sending encrypted messages in Outlook for MacThis update fixes an issue that causes Outlook for Mac to check Active Directory Domain Services every time for certificates when the application sends encrypted messages in OS X Mavericks, instead of first checking locally cached certificates in the OS X Keychain.

Prerequisites

Before you install the Office for Mac 2011 14.4.1 update, make sure that you have Office for Mac 2011 14.1.0 or a later version installed on your computer. Also, make sure that the computer is running Mac OS X v10.5.8 or a later version of the Mac OS X operating system.

To verify that the computer meets this prerequisite, click About This Mac on the Apple menu.

To verify that Office for Mac 2011 14.1.0 or a later version is installed on your computer, follow these steps:

  1. On the Go menu, click Applications.
  2. Open the Microsoft Office 2011 folder, and then start any Office application. For example, start Word.
  3. On the application menu, click About <application>.
  4. In the About <application> dialog box, notice the version number that is displayed there. It should be 14.1.0 or a later version number.

How to obtain the update

The following file is available for download from the Microsoft Download Center:

Download

Download the Microsoft Office for Mac 14.4.1 Update package now.

Release Date: April 8, 2014

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Updated files

For a complete list of the files that this update adds or changes, double-click the update installer, and then, on the File menu, click Show Files.

Notes

The Office for Mac 14.4.1 Update is also available from Microsoft AutoUpdate. AutoUpdate is a program that automatically keeps Microsoft software up-to-date. 

To use AutoUpdate, start a Microsoft Office program. Then, on the Help menu, click Check for Updates.

Learn about the resources for Office for Mac 2011

(Source: http://support.microsoft.com/kb/2939132)

Apple Mac OS X Mavericks v10.9.2 Update Fixes SSL Security and Other Issues

by Greg Johnson, posted in Computer Support, Tech Tips

20140226we-apple-computer-security-500x500

It’s Time to Update Your Apple Mac Computer

There’s an important security update available for your Apple Mac computer, assuming you’re using Apple OS X Mavericks v10.9.x. To update, go to the Apple menu (upper right corner) and then click on Software Update (second option from the top). You’ll need to restart the computer to complete the update. So, finish and save all work before starting.

Update Summary

The OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users. It improves the stability, compatibility, and security of your Mac. (source)

Update Highlights:

  • Adds the ability to make and receive FaceTime audio calls
  • Adds call waiting support for FaceTime audio and video calls
  • Adds the ability to block incoming iMessages from individual senders
  • Includes general improvements to the stability and compatibility of Mail
  • Improves the accuracy of unread counts in Mail
  • Resolves an issue that prevented Mail from receiving new messages from certain providers
  • Improves AutoFill compatibility in Safari
  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder
  • Improves VoiceOver reliability when navigating websites
  • Improves compatibility with Gmail Archive mailboxes
  • Includes improvements to Gmail labels
  • Improves Safari browsing and Software Update installation when using an authenticated web proxy
  • Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
  • Improves the reliability of diskless NetBoot service in OS X Server
  • Fixes braille driver support for specific HandyTech displays
  • Resolves an issue when using Safe Boot with some systems
  • Improves ExpressCard compatibility for some MacBook Pro 2010 models
  • Resolves an issue which prevented printing to printers shared by Windows XP
  • Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
  • Fixes an issue that could prevent certain preference panes from opening in System Preferences
  • Fixes an issue that may prevent migration from completing while in Setup Assistant
  • Provides a fix for SSL connection verification