Firmware Friday: Canon patching dozens of cameras for security; Blackmagic, Nikon and Sony updates, too


posted Friday, August 9, 2019 at 9:24 PM EST


This week's Firmware Friday roundup brings news of updates from four manufacturers in total, although the bulk of these are from one company and are yet to be finalized. It's Canon which is providing the majority of the update news this week, as it works to correct six security vulnerabilities recently uncovered by security researchers.

Also on our radar are updates from Blackmagic, Nikon and Sony, but first let's get down to Canon's news.

Canon EOS 1D X, 1D X II, 1D C, 5D III, 5D IV, 5DS, 5DS R, 6D, 6D II, 7D II, 70D, 80D, M10, M100, M3, M5, M50, M6, R, RP, SL2, SL3, T6, T6i, T6s, T7, T7i; PowerShot G5X II, SX70 HS and SX740 HS

We're breaking our usual rule and foregoing the alphabetical order this week, as Canon has ten times the news of all the others combined -- as you can clearly see from the mind-bogglingly long list of model numbers above. All of these cameras share the same six security vulnerabilities which, although they haven't yet been evaluated by NIST's National Vulnerabilty Database, are given a high impact score from what's considered a low-complexity attack by the Japan Vulnerability Notes database.

In all, there are five buffer overflow vulnerabilities in the Picture Transfer Protocol of the affected cameras, and they're also said to allow installation of unauthorized firmware due to a missing authorization. (Which we'd imagine likely means that once patched, it will no longer be possible to install third-party firmware on these cameras, something to be aware of if you want the possibility of third-party hacks.)

Only one of the models above has yet to receive an update fixing these security concerns. The Canon EOS 80D's version 1.0.3 firmware is available here now, and per the release notes it resolves both issues.

Coincidentally, the EOS Rebel SL3 has also received a new firmware version 1.0.1 this week, but it's not to correct the aforementioned security vulnerabilities, even though they do affect this model too, and will in time be patched. The currently-available update now correctly disables the camera's auto power-off functionality in the menu when using Bluetooth remote control from the Camera Connect app. You can download this update here.

As for the other cameras, watch this space and we'll bring you news of the availability of your updates in future Firmware Friday roundups, once they've been released by Canon. In the meantime, you should disable your cameras' wireless connectivity when not being used, and avoid connecting your camera to a device on a network you don't control, according to the company.

Blackmagic Pocket Cinema Camera 6K

Reverting to alphabetical order for the remainder of the roundup, the folks at Blackmagic Design pop up next on the list. Blackmagic Camera 6.5 adds support for the new Pocket Cinema Camera 6K, and bundles the new Blackmagic RAW Speed Test software for Mac, plus an updated Blackmagic RAW Player for Windows, Mac and Linux. You can download it here for Windows, or here for MacOS.

Nikon Coolpix A1000

Firmware version 1.1 for the Nikon Coolpix A1000 (download here) is rather more significant, bringing fixes for all of the following bugs:

  • Tapping particular areas of the display when attempting to select certain items in the Fn menu would cause the camera to stop responding.

  • Tapping to the right of 6400 when attempting to select a value for ISO sensitivity in the Fn menu would result in the camera exiting to a menu one level higher.

  • Photographs taken under certain lighting with Auto (normal) or Auto (warm lighting) selected for White balance would have a bluish cast.

  • In Continuous H, Continuous M, and Continuous L release modes, frame advance rates would slow as shutter speeds became faster.

  • The camera would sometimes stop responding during burst photography when RAW was selected for Image quality.

  • The camera would sometimes stop responding during playback of photographs taken during burst photography with RAW selected for Image quality.

  • Audio for movies filmed under certain conditions would sometimes break up.

  • Location data downloaded via SnapBridge would sometimes not be recorded with pictures.

Sony XDCAM Z190 and Z280

Finally for this week, Sony has updated its XDCAM Z190 and Z280 video cameras with digital audio transfer compatibility for the Multi Interface Shoe, new menu items for high-res or proxy clip transfer from the thumbnail display (although only if the CBKZ-SLNW1 network upgrade is installed, for the Z190), plus unspecified stability improvements.

Download the PXW-Z190 firmware version 3.00 update here, or the PXW-Z280 firmware version 3.00 update here.

And that's all for this week. Be sure to check back next time for more firmware news!

**Worried you might've missed a critical update lately? Don't be! Just click here for all recent Firmware Friday articles!**

See all the latest Firmware Friday updates

(Camera parts image courtesy of Kelly Hofer / Flickr; used under a Creative Commons CC-BY-2.0 license. Image has been modified from the original.)