My key is 1.0.8 firmware

    /usr/local/MacGPG2/bin/gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
    D[0000]  01 00 08 90 00                                     .....           
    OK

Sadly.

If they never shipped the pgp applet with older than 1.0.9 as stated in the advisory, maybe you're like me and you installed the applet yourself? I think we can just update the applet (I think you'll have to re-import your keys). Mine is currently running 1.0.7.

https://developers.yubico.com/ykneo-openpgp/Releases/

Just to be clear, the applet is upgradeable (by the user) on these devices, yes?

The answer to my question is apparently "no".

> YubiKey NEOs are not upgradable based on best security practices. There is a no upgrade policy for our devices since nothing, including malware, can write to the firmware.

-- https://www.yubico.com/products/yubikey-hardware/yubikey-neo...

The early NEOs were upgradeable, the recent model that has U2F support is not.

right and this makes me sad since my neo doesn't include and cant upgrade to include u2f ;\

IIRC not being able to add U2F to the old NEO was about missing hardware support for elliptic curve cryptography, which is now present in the new NEO.