Security and privacy

The following section contains technical updates concerned with security and privacy.

For more detail, see our main Technical Documents Security and Privacy area.

Q3 2023

FastStats

WebP library security flaw in Apteco FastStats

To ensure the continued security of FastStats and safeguard against a security flaw in the WebP library (CVE-2023-4863), we have updated the Chromium component within FastStats to version 116.0.230.

A heap buffer overflow in the WebP library within Google Chrome, specifically in versions prior to 116.0.5845.187, posed a security risk. This vulnerability allowed a remote attacker to execute an out-of-bounds memory write by exploiting a crafted HTML page.

To fully benefit from this security enhancement, you should verify that your FastStats installation includes Chromium version 116.0.230 or a later version.

To install the patched software, see Patch 16: WebP library security flaw in Apteco FastStats.

Q2 2023

FastStats

Upgrade hashing algorithm for FastStats systems

In light of the deprecation of the SHA-1 hash function for digital signatures, we are advising all FastStats systems to transition from SHA-1 to at least SHA-256. This change ensures improved security measures aligning with current standards.

If your FastStats system currently uses SHA-1 Security Hash Method, please see Change hashing algorithm for FastStats systems and follow the steps to transition to your preferred hash method.

Your prompt action in upgrading is appreciated as we strive to maintain the highest security standards for Apteco software.

Q2 2023

General

Technical and Organisational Measures (TOMs) in Apteco Cloud

We are pleased to announce the integration of Technical and Organisational Measures (TOMs) into our Apteco Cloud services. These measures are designed to ensure the utmost security and protection of personal information processed within our cloud environment. They include:

  • Access control

  • Intrusion prevention

  • Unauthorised activities in data processing systems

  • Pseudonymisation and anonymisation

  • Control procedures

  • Separation control

  • Input control

  • Availability control

  • Resilience and fail-safe control

  • Order control

For more details, see Technical and organisational measures (TOMs).