Hi all users of Opera 12,
Though I have been a long time in Opera, this is my first blog post for the Desktop team. I normally write over at the Security blog, but since this Opera update is purely about deep security layers, I figure it is time to try something new
But before I can tell you about the security fixes, there is the mandatory weather update. Since a picture says more than a thousand words, here is one with today’s view from the Desktop wing (note the guy sunbathing in the middle).
As discussed in our blog post about Heartbleed, the standalone autoupdater for Opera 12 on Windows was vulnerable to a Heartbleed attack from someone who would be in possession of a valid Opera certificate. While fixing this, we also found another issue with our autoupdate on Windows which might be exploited by someone in possession of such a certificate. Successful exploitation, which would require using a third, unrelated bug on Windows, could allow a mischievous man in the middle to run arbitrary code on the computer. Opera 12.17 is therefore a recommended security upgrade on Windows. While it is unlikely that someone has gained access to a certificate of ours, we cannot rule out that some foreign intelligence agency has done so, and we want to be on the safe side.
Opera 12 for Windows will update itself automatically. Mac and Linux are not affected, and will not receive a 12.17 update.
The discussion area below is to be used exclusively for positive comments, praising our good work Transgressors may be ignored, at their own peril.