Foxit Software has released version 8.1.1 of their Foxit Reader and Foxit PhantomPDF software. The new versions contains fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.
Affected versions:
Foxit Reader 8.1.0.1013 and earlier (Windows)
Foxit PhantomPDF 8.1.0.1013 and earlier (Windows)
More information can be read here.
Wednesday, November 30, 2016
Wednesday, November 23, 2016
Vulnerabilities Fixed In Wireshark
There have been fixed vulnerabilities in Wireshark, free open source program for analyzing network protocols.
Vulnerable are 2.0.x versions 2.0.0-2.0.7 and 2.2.x versions 2.2.0-2.2.1
Non vulnerable version can be downloaded here.
More information can be read from the related advisories:
- wnpa-sec-2016-62
- wnpa-sec-2016-61
- wnpa-sec-2016-60
- wnpa-sec-2016-59
- wnpa-sec-2016-58
Vulnerable are 2.0.x versions 2.0.0-2.0.7 and 2.2.x versions 2.2.0-2.2.1
Non vulnerable version can be downloaded here.
More information can be read from the related advisories:
- wnpa-sec-2016-62
- wnpa-sec-2016-61
- wnpa-sec-2016-60
- wnpa-sec-2016-59
- wnpa-sec-2016-58
Wednesday, November 16, 2016
Google Chrome Updated
Google have released updated versions (54.0.2840.99 for Windows, 54.0.2840.98 for Mac, and 54.0.2840.100 on Linux) of their Chrome web browser. Among other changes the new versions contain security vulnerability fixes. More information about changes in Google Chrome Releases blog.
New PHP Versions Released
PHP development team has released 7.0.13 and 5.6.28 versions of the PHP scripting language. New versions contain fixes to vulnerabilities among other fixes. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.
Changelogs:
Version 7.0.13
Version 5.6.28
Changelogs:
Version 7.0.13
Version 5.6.28
VMware Updates Available
VMware has released security update to patch an out-of-bounds memory access vulnerability (CVE-2016-7461) in their virtualization applications. The vulnerability may allow a guest to execute code on the operating system that runs affected version of Workstation or Fusion.
Affected versions:
- VMware Workstation Pro versions earlier than 12.5.2
- VMware Player versions earlier than 12.5.2
- VMware Fusion and Fusion Pro earlier than 8.5.2
Further information including updating instructions can be read from VMware's security advisory.
Affected versions:
- VMware Workstation Pro versions earlier than 12.5.2
- VMware Player versions earlier than 12.5.2
- VMware Fusion and Fusion Pro earlier than 8.5.2
Further information including updating instructions can be read from VMware's security advisory.
Wednesday, November 9, 2016
Google To Flag Malware Spreading Sites For A Month
Google has introduced a new class in its Safe Browsing anti-malware system called "repeat offenders". This status is reserved for websites "that repeatedly switch between compliant and policy-violating behavior for the purpose of having a successful review and having warnings removed". Once site has been determined as a repeat offender the webmaster will be unable to request additional reviews via the Search Console for 30 days and warnings continue to show to users. According to Google the new class won't be used on hacked websites.
More information in Google's blog post.
More information in Google's blog post.
Adobe Connect Update Available
Adobe have released updated versions of Adobe Connect for Windows. The new update resolves an input validation vulnerability in the events registration module that could be used in cross-site scripting attacks.
Affected versions:
- Adobe Connect earlier than 9.5.7
More information can be read from Adobe's security bulletin.
Affected versions:
- Adobe Connect earlier than 9.5.7
More information can be read from Adobe's security bulletin.
Adobe Flash Player Update Available
Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 23.0.0.205 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 23.0.0.207
- Users of Adobe Flash Player 11.2.202.643 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.644
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 23.0.0.205 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 23.0.0.207
- Users of Adobe Flash Player 11.2.202.643 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.644
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Microsoft Security Updates For November 2016
Microsoft have released security updates for November 2016. This month update contains 14 security bulletins of which six categorized as critical and eight as important.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
Tuesday, November 8, 2016
Symantec Intelligence Report: October 2016
Symantec have published their Intelligence report that sums up the latest threat trends for October 2016.
The report can be viewed here.
The report can be viewed here.
Friday, November 4, 2016
Google Chrome Updated
Google have released version 54.0.2840.87 of their Chrome web browser. Among other changes the new version contains a security vulnerability fix (CVE-2016-5198). More information about changes in Google Chrome Releases blog.
Labels:
chrome,
google,
security,
security threat,
update,
vulnerability
Subscribe to:
Posts (Atom)