Mac/PC Archive

Webサービスのアカウント/パスワードやアプリのライセンス番号などをまとめて安全に管理できる「1Password」のMac向け「1Password 6」最新版 6.3 がMac App Storeで配信開始されました。
Webサイトから直接DL提供している「1Password」は6.3公開済み。

価格: 7,800円 (※Mac App Store版 掲載時)
販売元: AgileBits Inc. Copyright
　© 2005-16 AgileBits Inc.

■1Password 6.3 for Mac: The Passion Project

TL;DR

We’ve added support for the Vivaldi, Brave and Opera Developer browsers

• It’s now possible to anchor the Large Type window by simply dragging it
• VoiceOver support is much improved
• A slew of additional improvements and fixes

Spring has sprung and passion is in the air. The birds are feeling it, the bees are feeling it and we are too! We have heard from some very passionate users who have inspired us to make a few key improvements, especially in VoiceOver, Large Type and browser support. We’re really excited about the features we were able to include in this release and hope you are too!

You get extension support, and YOU get extension support, and YOU…

There are new browsers getting created all the time, each with their own niche to serve. 1Password 6.3 added support for three such browsers: Vivaldi, Brave and Opera Developer. Vivaldi aims to be the most customizable of browsers (and is it ever!), and Brave is focused on security and privacy. And Opera Developer is for those who love to live on the edge. These browsers now integrate with 1Password, enabling you to log in to websites with ease.

Large Type

We love Large Type, and based on the feedback we’ve gotten, you do too! We received a lot of passionate pleas to anchor the Large Type window so that it doesn’t disappear so quickly. Now you can simply drag the window and it will transform itself into an anchored window that won’t disappear until you close it yourself or lock your vault.

We hear you

Accessibility has always been important to us. VoiceOver support is a key tool in making 1Password more accessible to more users. That is why in version 6.3, we have made it easier to navigate when using VoiceOver.

We love hearing from you! To provide feedback or get in touch with us, please join us in our discussion forums, email support@agilebits.com, send a message to @1Password on Twitter, or leave a comment on Facebook and tell us about the newest tricks you’ve learned

▼1Password 6 for Mac
▼AgileBits Blog – 1Password 6.3 for Mac: The Passion Project (2016/05/25)

Google Webブラウザーの「Google Chrome 51」安定版(Stable Channel) 51.0.2704.63 がリリースされました。
Windows/Mac/Linux対応。

Chrome 51では、Google「マテリアルデザイン」が適用されたほか、機能の追加や改善、42件のセキュティ問題の修正などが行われています。
また、Google Chrome BlogやChromium Blogへ予定されいる投稿にも要注目。

■Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 42 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
[$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
[$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
[$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
[$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
[$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christoph Diehl.
[$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
[$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
[$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
[$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
[$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
[$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
[$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
[$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
[$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
[$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
[$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
[$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
[$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to jackwillzac.
[$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester.

▼Chrome Releases – Stable Channel Update (2016/05/25)
▼Chromium Blog – Chrome 51 Beta: Credential Management API and reducing the overhead of offscreen rendering (2016/04/29)

米Appleは5月24日(現地時間)、802.11n対応Wi-Fi製品「AirMac (ArtPort) ベースステーション」のファームウェア・アップデート 7.7.7 (11ac対応モデル向け)、およびファームウェア・アップデート 7.6.7 (802.11n対応モデル向け) を公開しました。

Macのユーティリティフォルダーにある「AirMac ユーティリティ」アプリを起動するか、iPhone/iPadアプリ「AirMacユーティリティ」アプリを使って管理画面へアクセスして、アップデートなど設定を行えます。

各機器でのファームウェア・アップデート方法についてはサポート情報をご覧ください。

　→AirMac ベースステーションのファームウェアアップデートについて

7.7.x系統が802.11ac対応モデル、7.6.x系統が802.11n対応モデルと、ダウンロードするファームウェアが違うだけで更新内容は同じ。

■AirMac ベースステーションファームウェア・アップデート 7.6.7 (for 11n)

このアップデートは、AirMac Express、AirMac Extreme、および AirMac Time Capsule を含む、すべての Apple 802.11n Wi-Fi ベースステーションに利用できます。以下の修正点が含まれています。

• Fixes an issue which may prevent communication between clients on the same network
• Improves performance with an extended guest network
• Addresses potential naming conflicts with Bonjour Sleep Proxy

追記：
6月20日更新で、mDNSResponder関連のセキュリティアップデート情報が出てきましたが、先日のMac/iOSのSafari無応答の件でしたっけ(´・ω・`)
対象OSバージョンをみると、微妙に古かったり。
AirMac BS Firmwareは、7.7.7/7.6.7ですが。

6月22日付けで、JVNでも情報掲載。

• JVNVU#97008560 mDNSResponder に複数の脆弱性
• JVNVU#92564194 Apple AirPort Base Station にメモリ破損の脆弱性

▼AirMacユーティリティ
▼Apple – AirPort Base Station Firmware Update 7.7.7 Information
▼Apple – AirPort Base Station Firmware Update 7.6.7 Information
▼Apple – About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7
▼Apple Security ML – APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 (2016/06/20)
▼Apple – Security update for mDNSResponder (2016/06/20)