NV Access is pleased to announce that version 2021.3.4 of NVDA, the free screen reader for Microsoft Windows, is now available for download. This is a security update which fixes 3 security issues present in older versions of NVDA. We encourage all users to upgrade to this version.
Please responsibly disclose potential security issues to email@example.com. NVDA 2021.3.4 includes 3 security fixes. All issues require physical access to the computer.
- When performing an administrative action that requires a secure screen, a user could open a python console with system privileges. To prevent this, the wx GUI inspection tool is now disabled in secure screens.
- A user with administrative access could capture debug logging from secure screens. To prevent this, it is no longer possible to restart NVDA in secure mode with –debug-logging.
- The public system profile of NVDA could be polluted with unexpected gestures or dictionary replacements. To prevent this, the Input Gesture dialog, Default Dictionary, Voice Dictionary, and Temporary Dictionary are now disabled on secure screens.
For further information, please contact NV Access via firstname.lastname@example.org.
Please note, after updating any software, it is a good idea to restart the computer. Restart by going to the Shutdown dialog, selecting “restart” and pressing ENTER. Updating software can change files which are in use. This can lead to instability and strange behaviour which is resolved by rebooting. This is the first thing to try if you do notice anything odd after updating.