TidBITS Watchlist: Notable Software Updates for 16 September 2013
Microsoft Office 2011 14.3.7 — With the release of Office 2011 14.3.7, Microsoft has bashed a number of bugs and closed a security vulnerability in Excel that could allow remote code execution from a specially crafted spreadsheet file. On the Outlook front, the update fixes several issues related to navigation through several panes and using screen reader software. Outlook also now enables you to insert images via the Format menu and adds an item sort order to the View menu. The new release also improves how SharePoint
handles opening and checking out files to avoid a crash, plus it prevents a crash in Excel when a spreadsheet contains several drop-down macros. (Free updates via the Office for Mac Web site or through Microsoft AutoUpdate, 113 MB, release notes)
Read/post comments about Microsoft Office 2011 14.3.7.
SpamSieve 2.9.8 — C-Command Software has released SpamSieve 2.9.8 with a variety of improvements to the app’s filtering accuracy and a change to the Train as Good command in Apple Mail, which now considers the message’s CC recipients when determining the correct destination inbox. The spam-filtering utility has been updated to handle the recently released OS X 10.8.5 Mountain Lion (see “OS X 10.8.5 Fixes Nasty Text Rendering Bug,” 12 September 2013), but not the upcoming OS X 10.9 Mavericks. The release also improves how the installer works around incorrect Apple Mail
folder permissions, removes unused code from the Apple Mail plug-in, and updates several sections of the manual. ($30 new with a 20 percent discount for TidBITS members, free update, 10.8 MB, release notes)
Read/post comments about SpamSieve 2.9.8.
Security Update 2013-004 for Lion and Snow Leopard — Apple has released Security Update 2013-004 for Mac OS X 10.7 Lion and 10.6 Snow Leopard, both of which receive two versions: Lion (113.23 MB) and Lion Server (161.17 MB), plus Snow Leopard (331.5 MB) and Snow Leopard Server (406.49 MB).
Most notably, the updates fix an issue in Lion where an attacker could gain superuser access by resetting the system clock. (For details, see “Hackers Can Root Macs by Going Back in Time,” 30 August 2013.)
Additionally, these updates fix other user-level vulnerabilities in Lion, including security holes in QuickTime that could permit malicious movie files to cause application crashes or arbitrary code execution, Installer packages that could be opened after certificate revocation, and an issue in Mobile Device Management that could disclose passwords to local users.
Also fixed are a number of security vulnerabilities on the Unix end, via updates to the Apache Web server, the BIND DNS server (Lion only), the ClamAV virus scanner, the IPSec security package, the PHP scripting language, and the PostgreSQL database (Lion only). (Free, various sizes)
Read/post comments about Security Update 2013-004 for Lion and Snow Leopard.
Read/post comments about Safari 5.1.10 for Snow Leopard.
Nisus Writer Pro 2.0.5 and Express 3.4.4 — Addressing a large number of niggling issues and incorporating a few minor enhancements, Nisus Software has released Nisus Writer Pro 2.0.5 and Nisus Writer Express 3.4.4 to the applause of grateful Take Control writers and editors. Nisus Writer Pro fixes a bug with exported EPUBs that produced validation errors if the file contained multiple chapters, resolves a hang caused by competing TOC inclusion instructions, adds numerous macro enhancements (including the capability to run macros when clicked), and fixes a variety of issues related to indexing.
Both the Pro and Express editions add the capability to use aliases when inserting a link to a file or image that will resolve if the target is moved or renamed, as well as fix bugs related to inline spellchecking, creating PDFs, and printing, and incorrectly creating a new blank document when opening an existing document. (For Nisus Writer Pro: $79 new, free update, 178 MB, release notes. For Nisus Writer Express: $45 new, free update, 51 MB, release notes.)
Read/post comments about Nisus Writer Pro 2.0.5 and Express 3.4.4.