Given that update9 is still in its stabilization period, we decided to roll out the fixes for the recently discovered security vulnerabilities (along with a few others) to your devices while we continue to work with update9. This hotfix update fixes

bash vulnerabilities (Shellshock) - CVE-2014-7169, CVE-2014-6271

NSS vulnerabilities - CVE-2014-1568, CVE-2014-1544, CVE-2014-1491, CVE-2014-1490, CVE-2013-5605, CVE-2013-1739, CVE-2013-1741, CVE-2013-0791 Also fixed in the browser engine (Mozilla bug #1064636)

NSPR vulnerabilities - CVE-2014-1545, CVE-2013-5607

Pre-requisites

Working Jolla account configured on your device

Charger connected

Device connected to WLAN or mobile data network

If you are unable to successfully configure the account, please visit account.jolla.com and try to reset your password.

Users running software version < 1.0.4.20

If your device is running software version lower than 1.0.4.20 and have WareHouse app installed (i.e you are using OpenRepos), disable all openrepo repositories before attempting to upgrade your device. Else, you risk breaking the device. Read important-steps-to-do-before-updating and how-to-disable-openrepos-repositories posts for more information.

If your Jolla is connected to internet, an OS update notification should pop up shortly. If you just can't wait, you can manually trigger an OS update check as follows:

Open Settings app

Go to System > Sailfish OS updates

Pull down the pulley menu and select 'Check for update'

Once an OS update notification is received, tap on it and follow the instructions.

Do not reboot the device while the OS update installation is in progress. During the update, the device screen might blank out. You can awaken the display by a short press on the power key to monitor the progress. When the upgrade has completed successfully, you will see the LED light up red before the device restarts.