vBulletin Security Patch for vB 4.1.4 and vB 3.8.7 : Low Risk "phishing" patch

Discussion in 'vBulletin Discussions' started by News Bot, Jul 11, 2011.

  1. News Bot

    News Bot Regular Member

    Apr 28, 2011
    Likes Received:
    Cyber Space
    Announcement and Instructions:

    Earlier last month the vBulletin team was notified of an indirect, low-risk security exploit vector that could potentially be used to maliciously trick users into providing account sensitive information to non-authorized parties. Please see the original notice for more information: https://www.vbulletin.com/forum/show...hishing-Vector

    While the security risk is low, we have taken the report very seriously and incorporated additional security functionality into the vBulletin product to safeguard your site and prevent any attempts at malicious phishing activity.

    After successful installation of the patch, no configuration or activation will be required and the new security check will work automatically to prevent malicious redirection.

    Patched Versions:

    • vBulletin 3.8.7 (download from members area)
    • vBulletin 3.8.7 with Mobile API (download from members area)
    • vBulletin 4.1.4 (download from members area)

    Important Patch Installation Notes:

    • Please check and make sure you are downloading and installing the correct patch.
    • Important; that if you are using vBulletin 3.8.7 with Mobile API product you need the special “vBulletin 3.8.7 MAPI Patch”.
    • This patch requires you to execute the upgrade process in order to install the additional security features.
    • As always, It is recommended to have a full database backup of your site prior to upgrading.

    Patch Installation Instructions:

    • vBulletin 3.8.7 (including Mobile) and vBulletin 4.1.4

    Please note (for Advanced Users Only): These settings and configuration will not affect most vBulletin users. If you have created a custom domain configuration, you can define a domain “whitelist” in your Admin Control Panel. Go to AdminCP -> Settings -> Options -> Site Name / URL / Contact Details -> “Redirect Domain Whitelist”.

    Continue reading...
  2. SpacewardAsh

    SpacewardAsh Lurking From Space

    Jan 2, 2011
    Likes Received:
    Falmouth, Cornwall, UK
    First Name:
    oh they finally found a fix for it...took them long enough...

Share This Page