Sunday, August 13, 2017

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix an important categorized file type validation vulnerability (CVE-2017-3108) and two moderate information disclosure vulnerabilities (CVE-2017-3107 and CVE-2017-3110).

Affected are versions 6.0, 6.1, 6.2 and 6.3

More information from the Adobe's security advisory

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes  a critical heap buffer overflow vulnerability that could lead to code execution, seven memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses and an XML external entity processing vulnerability rated critical that could lead to information disclosure.

Affected versions are Adobe Digital Editions 4.5.5 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.6).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2017.009.20058 and earlier

*Acrobat 2017 and Acrobat Reader 2017
version 2017.008.30051 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30306 and earlier

*of series XI (11.x)
Adobe Reader 11.0.20 and earlier
Adobe Acrobat 11.0.20 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 26.0.0.137 and earlier versions for Windows should update to Adobe Flash Player 26.0.0.151

- Users of Adobe Flash Player 26.0.0.137 and earlier versions for Macintosh should update to Adobe Flash Player 26.0.0.151

- Users of Adobe Flash Player 26.0.0.137 and earlier versions for Linux should update to Adobe Flash Player 26.0.0.151

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Friday, August 11, 2017

Updates For Mozilla Firefox

Mozilla have released updates to Firefox browser to address a bunch of security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.3 (advisory)
- Mozilla Firefox earlier than 55 (advisory)


Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Microsoft Security Updates For August 2017

Microsoft have released security updates for August 2017.

Summary of the updates (filter by inserting 07/12/2017 to the From field and 08/11/2017 to the To field) here.

Symantec Intelligence Report: July 2017

Symantec have published their Intelligence report that sums up the latest threat trends for July 2017.

The report can be viewed here.