Foxit Software has released version 8.3 of their Foxit Reader and Foxit PhantomPDF software. The new versions contains fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.
Affected versions:
Foxit Reader 8.2.1.6871 and earlier (Windows)
Foxit PhantomPDF 8.2.1.6871 and earlier (Windows)
More information can be read here.
Saturday, April 22, 2017
Google Chrome Updated
Google have released a version 58.0.3029.81 of their Chrome web browser. Among other changes the new version contains 29 security fixes. More information about changes in Google Chrome Releases blog.
Updates To Mozilla Firefox Released
Mozilla have released updates to Firefox browser to address a bunch of security vulnerabilities.
Affected products are:
- Mozilla Firefox earlier than ESR 52.1 (advisory)
- Mozilla Firefox earlier than ESR 45.9 (advisory)
- Mozilla Firefox earlier than 53 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Affected products are:
- Mozilla Firefox earlier than ESR 52.1 (advisory)
- Mozilla Firefox earlier than ESR 45.9 (advisory)
- Mozilla Firefox earlier than 53 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox
VMware Updates Available
VMware has released security update to patch multiple vulnerabilities in their virtualization applications.
Affected versions:
- VMware Unified Access Gateway 2.8.x or 2.7.x or 2.5.x on Windows platform
- VMware Horizon View 7.x earlier than 7.1.0 on Windows platform
- VMware Horizon View 6.x earlier than 6.2.4 on Windows platform
- VMware Horizon View Client for Windows 4.x earlier than 4.4.0
- VMware Workstation Pro versions earlier than 12.5.3 on Windows platform
- VMware Workstation Player versions earlier than 12.5.3 on Windows platform
Further information including updating instructions can be read from VMware's security advisory.
Affected versions:
- VMware Unified Access Gateway 2.8.x or 2.7.x or 2.5.x on Windows platform
- VMware Horizon View 7.x earlier than 7.1.0 on Windows platform
- VMware Horizon View 6.x earlier than 6.2.4 on Windows platform
- VMware Horizon View Client for Windows 4.x earlier than 4.4.0
- VMware Workstation Pro versions earlier than 12.5.3 on Windows platform
- VMware Workstation Player versions earlier than 12.5.3 on Windows platform
Further information including updating instructions can be read from VMware's security advisory.
Symantec Intelligence Report: March 2017
Symantec have published their Intelligence report that sums up the latest threat trends for March 2017.
The report can be viewed here.
The report can be viewed here.
Oracle Critical Patch Update For Q2 of 2017
Oracle have released updates for their products that fix 300 security issues (including eight Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in July 2017.
Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.
Next Oracle CPU is planned to be released in July 2017.
Friday, April 14, 2017
Security Patch Available To Adobe Photoshop
Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004). These updates also resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).
Affected versions:
Adobe Photoshop CC 2017 18.01 and earlier versions
Adobe Photoshop CC 2015.5 17.0.1 (2015.5.1) and earlier versions
Instructions for updating are given in related security bulletin.
Affected versions:
Adobe Photoshop CC 2017 18.01 and earlier versions
Adobe Photoshop CC 2015.5 17.0.1 (2015.5.1) and earlier versions
Instructions for updating are given in related security bulletin.
Creative Cloud Desktop Application Update
Adobe have released a security update to fix two vulnerabilities in their Creative Cloud Desktop Application. The first vulnerability is related to the use of improper resource permissions during the installation of Creative Cloud desktop applications (CVE-2017-3006). The second vulnerability is related to the directory search path used to find resources (CVE-2017-3007).
Affected versions:
Creative Cloud 3.9.5.353 and earlier versions
More information can be read from Adobe's security bulletin.
Affected versions:
Creative Cloud 3.9.5.353 and earlier versions
More information can be read from Adobe's security bulletin.
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 15.023.20070 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 15.006.30280 and earlier
*of series XI (11.x)
Adobe Reader 11.0.19 and earlier
Adobe Acrobat 11.0.19 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 15.023.20070 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 15.006.30280 and earlier
*of series XI (11.x)
Adobe Reader 11.0.19 and earlier
Adobe Acrobat 11.0.19 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Vulnerabilities Fixed In Adobe Campaign
Adobe have released a new version of their Adobe Campaign v6.11. The new version fixes an important input validation bypass that could be exploited to read, write or delete data from the Campaign database (CVE-2017-2989).
Affected versions are Adobe Campaign v6.11 Build 8770 and earlier versions on Windows and Linux. Users of affected versions should update their versions to the latest one (currently 16.11 Build 8795).
More information (including download instructions for new version) can be read from Adobe security bulletin.
Affected versions are Adobe Campaign v6.11 Build 8770 and earlier versions on Windows and Linux. Users of affected versions should update their versions to the latest one (currently 16.11 Build 8795).
More information (including download instructions for new version) can be read from Adobe security bulletin.
Adobe Flash Player Update Available
Adobe have released updated versions of their Flash Player. The new versions fix a critical vulnerability that could potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 25.0.0.127 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 25.0.0.148
- Users of Adobe Flash Player 25.0.0.127 and earlier versions for Linux should update to Adobe Flash Player 25.0.0.148
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 25.0.0.127 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 25.0.0.148
- Users of Adobe Flash Player 25.0.0.127 and earlier versions for Linux should update to Adobe Flash Player 25.0.0.148
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Microsoft Security Updates For April 2017
Microsoft have released security updates for April 2017.
Details about the updates can be read from release notes. Summary of the updates (filter by inserting 03/14/2017 to the From field and 04/11/2017 to the To field) here.
Details about the updates can be read from release notes. Summary of the updates (filter by inserting 03/14/2017 to the From field and 04/11/2017 to the To field) here.
Tuesday, April 11, 2017
Unpatched Vulnerability In Microsoft Office Being Exploited
There has been found a vulnerability in Microsoft Office that is currently being exploited by different malware families. The vulnerability is related to OLE object handling allowing a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. Microsoft is planning to fix the vulnerability as a part their Tuesday security update. Meanwhile, users should ensure that Office Protected View is enabled.
More information here.
More information here.
Mozilla Thunderbird Update Available
Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.
Affected versions:
Mozilla Thunderbird versions earlier than 52
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Affected versions:
Mozilla Thunderbird versions earlier than 52
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Sunday, April 2, 2017
Google Chrome Updated
Google have released a version 57.0.2987.133 of their Chrome web browser. Among other changes the new version contains five security fixes. More information about changes in Google Chrome Releases blog.
Subscribe to:
Posts (Atom)
