Friday, April 20, 2018

Google Chrome Updated

Google have released version 66.0.3359.117 of their Chrome web browser. The new version contains fixes for 62 security vulnerabilities. More information about the changes is available in the Google Chrome Releases blog.

Oracle Critical Patch Update For Q2 of 2018

Oracle have released updates for their products that fix a total of 254 security issues (including 14 Java fixes). The updates are part of Oracle's quarterly Critical Patch Update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in July 2018.

Friday, April 13, 2018

Symantec Intelligence Report: March 2018

Symantec have published their Intelligence report that sums up the latest threat trends for March 2018.

The report can be viewed here.

Fix For Adobe PhoneGap Push Plugin Available

Adobe have released an updated version of their PhoneGap Push plugin. This update resolves a Same-Origin Method Execution (SOME) vulnerability (CVE-2018-4943) that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap apps into executing click events and other unintended user interactions.

More information can be read from Adobe security bulletin here.

Adobe ColdFusion Fix Available

Adobe have released updated versions of the ColdFusion web application development platform. These fixes resolve an important insecure library loading vulnerability (CVE-2018-4938), an important cross-site scripting vulnerability that could lead to code injection (CVE-2018-4940) and an important cross-site scripting vulnerability that could lead to information disclosure (CVE-2018-4941). These updates also include a mitigation for a critical unsafe Java deserialization vulnerability (CVE-2018-4939) and a mitigation for a critical unsafe XML parsing vulnerability (CVE-2018-4942).

Affected versions:
- ColdFusion (2016 release): update 5 and earlier versions
- ColdFusion 11: update 13 and earlier versions

More information can be read from Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes an out-of-bounds read vulnerability (CVE-2018-4925) rated Important, and a stack overflow vulnerability (CVE-2018-4926) caused by unsafe processing of specially crafted epub files.

Affected versions are Adobe Digital Editions 4.5.7 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update to the latest version (currently 4.5.8).

More information (including download instructions for the new version) can be read from Adobe's security bulletin.

Adobe InDesign Update Available

Adobe have released updated versions of Adobe InDesign for Windows and Macintosh. The new update resolves a critical memory corruption vulnerability (CVE-2018-4928) that could be abused to execute code remotely. The vulnerability is caused by unsafe parsing of a malformed .inx file. The update also fixes an untrusted search path vulnerability (CVE-2018-4927) in the InDesign installer. This vulnerability is categorized as important.

Affected versions:
- Adobe InDesign earlier than 13.1

More information can be read from Adobe's security bulletin.