Sunday, July 30, 2017

Microsoft Announce Windows Bounty Program

Microsoft has launched a Windows Bounty Program to help find bugs in Windows. Microsoft has paid bug hunters before, but only some specific Windows features were covered. The new program will include all features of the Windows Insider Preview, in addition to focus areas in Hyper-V, mitigation bypass, Windows Defender Application Guard and Microsoft Edge. Bounty payouts will range from $500 USD to $250,000 USD.

More information about the program is available on the Microsoft Security Response Center (MSRC) blog.

Wednesday, July 26, 2017

Google Chrome Updated

Google have released version 60.0.3112.78 of their Chrome web browser. The new version contains 40 security fixes. More information about the changes is available on the Google Chrome Releases blog.

Saturday, July 22, 2017

iTunes 12.6.2 Released

Apple have released version 12.6.2 of their iTunes media player. The new version fixes a bunch of security vulnerabilities.

More information about the security content of iTunes 12.6.2 can be found in the related security advisory.

Users of old versions should update to the latest one available.

Oracle Critical Patch Update For Q3 of 2017

Oracle have released updates for their products that fix 308 security issues (including 32 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions is available in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in October 2017.

Monday, July 17, 2017

Symantec Intelligence Report: June 2017

Symantec have published their Intelligence report that sums up the latest threat trends for June 2017.

The report can be viewed here.

Thursday, July 13, 2017

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect for Windows. The new update resolves two input validation vulnerabilities that could be used in cross-site scripting attacks and contains a mitigation to help protect users from clickjacking attacks.

Affected versions:
- Adobe Connect earlier than 9.6.1

More information can be found in Adobe's security bulletin.

Adobe Flash Player Update Available

Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 26.0.0.131 and earlier versions for Windows should update to Adobe Flash Player 26.0.0.137

- Users of Adobe Flash Player 26.0.0.131 and earlier versions for Macintosh should update to Adobe Flash Player 26.0.0.137

- Users of Adobe Flash Player 26.0.0.131 and earlier versions for Linux should update to Adobe Flash Player 26.0.0.137

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

More information can be found in Adobe's security bulletin.

Microsoft Security Updates For July 2017

Microsoft have released security updates for July 2017.

A summary of the updates is available here (filter by entering 06/14/2017 in the From field and 07/13/2017 in the To field).

New PHP Versions Released

The PHP development team has released versions 7.1.7, 7.0.21 and 5.6.31 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
- Version 7.1.7
- Version 7.0.21
- Version 5.6.31

Monday, July 3, 2017

Vulnerability In WP Statistics

A critical SQL injection vulnerability has been found in the WP Statistics WordPress plugin. The plugin is currently installed on over 300,000 websites.

Users of WP Statistics versions earlier than 12.0.8 should update their plugin to the latest version.

More information is available in Sucuri's blog post here.