Happy Patch Tuesday

Today was the first Patch Tuesday in nearly four years that I didn’t have to worry about professionally. Since Microsoft released 13 patches today and Adobe released two, my former coworkers might be wondering if I knew something. (I didn’t.)

But I still patched my machine at home, and I recommend you do too. Macintosh owners, you’re not immune, so I have some homework for you too.The Adobe patches apply to Acrobat and to the so-called Adobe Reader (which used to be called Acrobat Reader). I recommend you launch Adobe Reader, go to the Help menu, and select Check for Updates. Unless you’re reading this site on a Commodore 64, these updates apply to you.

Mac users tend to be awfully smug about security, and that myth really needs to stop. Apple hasn’t released any security fixes this month, but they did release 9 fixes last month. The biggest one fixes flaws in 16 different applications. Microsoft probably would have released 16 different patches instead of just one. I prefer the Microsoft approach–besides being a little more honest, it also results in smaller download packages if by some chance one or more of those 16 vulnerabilities happen to not apply to a particular machine.

And now, please excuse me for a moment while I recover from the shock of having used the word “honest” to describe Microsoft.

Just out of curiosity, I looked, and Apple has released security updates every month this year except for April. Unlike Microsoft, they don’t follow a set schedule, and the month isn’t over yet, so I wouldn’t be surprised to see something from them later this month.

I won’t bore you with the details, but basically, what it comes down to is this: If I really want into your computer, all I really have to do is booby-trap a file and get you to open it. It could be a PDF file, a movie, a music file, or something else. I can embed code into that file that gives me complete control of the computer. I just have to know whether your computer runs Mac OS or Windows. And how to write the code, of course. (I don’t know how to write the code and I don’t want control of your computer, so there’s no reason to be afraid of me.)

If you’ve been installing your patches, there’s little reason to be afraid of the guy who who DOES know how to write the code and DOES want control of your computer.

Your computer may update automatically. If you don’t know for certain whether it does, I suggest you find out. Now. No matter whose name is stamped on the case.

If you found this post informative or helpful, please share it!