Saturday, April 22, 2017

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 8.3 of their Foxit Reader and Foxit PhantomPDF software. The new versions contains fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit Reader and earlier (Windows)
Foxit PhantomPDF and earlier (Windows)

More information can be read here.

Google Chrome Updated

Google have released a version 58.0.3029.81 of their Chrome web browser. Among other changes the new version contains 29 security fixes. More information about changes in Google Chrome Releases blog.

Updates To Mozilla Firefox Released

Mozilla have released updates to Firefox browser to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.1 (advisory)
- Mozilla Firefox earlier than ESR 45.9 (advisory)
- Mozilla Firefox earlier than 53 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site:

VMware Updates Available

VMware has released security update to patch multiple vulnerabilities in their virtualization applications.

Affected versions:
- VMware Unified Access Gateway 2.8.x or 2.7.x or 2.5.x on Windows platform
- VMware Horizon View 7.x earlier than 7.1.0 on Windows platform
- VMware Horizon View 6.x earlier than 6.2.4 on Windows platform
- VMware Horizon View Client for Windows 4.x earlier than 4.4.0
- VMware Workstation Pro versions earlier than 12.5.3 on Windows platform
- VMware Workstation Player versions earlier than 12.5.3 on Windows platform

Further information including updating instructions can be read from VMware's security advisory.

Symantec Intelligence Report: March 2017

Symantec have published their Intelligence report that sums up the latest threat trends for March 2017.

The report can be viewed here.

Oracle Critical Patch Update For Q2 of 2017

Oracle have released updates for their products that fix 300 security issues (including eight Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in July 2017.

Friday, April 14, 2017

Security Patch Available To Adobe Photoshop

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004). These updates also resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).

Affected versions:
Adobe Photoshop CC 2017 18.01 and earlier versions
Adobe Photoshop CC 2015.5 17.0.1 (2015.5.1) and earlier versions

Instructions for updating are given in related security bulletin.