VMware has released security updates to patch multiple vulnerabilities in their virtualization applications.
Affected versions:
- VMware Horizon View Client for Windows versions earlier than 4.6.1
- VMware Workstation Pro versions earlier than 12.5.8
- VMware Workstation Player versions earlier than 12.5.8
- VMware Fusion Pro / Fusion versions earlier than 8.5.9
Further information including updating instructions can be read from VMware's security advisory.
Wednesday, November 29, 2017
Mozilla Thunderbird Update Available
Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.
Affected versions:
Mozilla Thunderbird versions earlier than 52.5
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Affected versions:
Mozilla Thunderbird versions earlier than 52.5
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Thursday, November 16, 2017
Adobe DNG Converter Patch Available
Adobe has released updated version of their Adobe DNG Converter for Windows. Update fixes a critical memory corruption vulnerability (CVE-2017-11295).
Affected are Adobe DNG Converter versions older than 10.0.
More information from the Adobe's security advisory.
Affected are Adobe DNG Converter versions older than 10.0.
More information from the Adobe's security advisory.
Adobe Experience Manager Updated
Adobe has released updated versions of their Experience Manager. Updates fix two important categorized vulnerabilities (CVE-2017-3111 and CVE-2017-11296) and one moderate vulnerability (CVE-2017-3109).
Affected are versions 6.0, 6.1, 6.2 and 6.3
More information from the Adobe's security advisory.
Affected are versions 6.0, 6.1, 6.2 and 6.3
More information from the Adobe's security advisory.
Shockwave Player Updated
Adobe have released an updated version of their Shockwave Player. The new version fixes a security vulnerability that could potentially lead to remote code execution (CVE-2017-11294).
Users of Adobe Shockwave Player 12.2.9.199 and earlier should update to Adobe Shockwave Player 12.3.1.201.
More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.
Users of Adobe Shockwave Player 12.2.9.199 and earlier should update to Adobe Shockwave Player 12.3.1.201.
More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.
New Version of Adobe Digital Editions Available
Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes an XML external entity processing vulnerability rated critical that could lead to information disclosure, out-of-bounds read vulnerabilities that could lead to the disclosure of memory addresses and a memory corruption vulnerability that could lead to the disclosure of memory addresses.
Affected versions are Adobe Digital Editions 4.5.6 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.7).
More information (including download instructions for new version) can be read from Adobe's security bulletin.
Affected versions are Adobe Digital Editions 4.5.6 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.7).
More information (including download instructions for new version) can be read from Adobe's security bulletin.
Adobe InDesign Update Available
Adobe have released updated versions of Adobe InDesign for Windows and Macintosh. The new update resolves a critical memory corruption vulnerability (CVE-2017-11302) that could be abused to execute code remotely. The vulnerability is caused by improper handling of a malformed .inx file.
Affected versions:
- Adobe InDesign earlier than 13.0
More information can be read from Adobe's security bulletin.
Affected versions:
- Adobe InDesign earlier than 13.0
More information can be read from Adobe's security bulletin.
Wednesday, November 15, 2017
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2017.012.20098 and earlier
*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30066 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30355 and earlier
*of series XI (11.x)
Adobe Reader 11.0.22 and earlier
Adobe Acrobat 11.0.22 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2017.012.20098 and earlier
*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30066 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30355 and earlier
*of series XI (11.x)
Adobe Reader 11.0.22 and earlier
Adobe Acrobat 11.0.22 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Adobe Connect Update Available
Adobe have released updated versions of Adobe Connect for Windows. The new update resolves a critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2017-11291) that could be abused to bypass network access controls. The update contains also fixes to three input validation vulnerabilities (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289) that could be used in cross-site scripting attacks. In additional to these the update contains a mitigation to help protect users from clickjacking attacks (CVE-2017-11290).
Affected versions:
- Adobe Connect earlier than 9.7
More information can be read from Adobe's security bulletin.
Affected versions:
- Adobe Connect earlier than 9.7
More information can be read from Adobe's security bulletin.
Security Patch Available To Adobe Photoshop
Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve two critical vulnerabilities (CVE-2017-11303 and CVE-2017-11304) that could lead to code execution.
Affected versions:
Adobe Photoshop CC 2017 18.1.1 (2017.1.1) and earlier versions
Instructions for updating are given in related security bulletin.
Affected versions:
Adobe Photoshop CC 2017 18.1.1 (2017.1.1) and earlier versions
Instructions for updating are given in related security bulletin.
Adobe Flash Player Update Available
Adobe have released updated versions of their Flash Player. The new versions fix critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Affected versions:
- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Windows should update to Adobe Flash Player 27.0.0.187
- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Macintosh should update to Adobe Flash Player 27.0.0.187
- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Linux should update to Adobe Flash Player 27.0.0.187
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Windows should update to Adobe Flash Player 27.0.0.187
- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Macintosh should update to Adobe Flash Player 27.0.0.187
- Users of Adobe Flash Player 27.0.0.183 and earlier versions for Linux should update to Adobe Flash Player 27.0.0.187
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Microsoft Security Updates For November 2017
Microsoft have released security updates for November 2017.
Summary of the updates (filter by inserting 10/11/2017 to the From field and 11/15/2017 to the To field) here.
Summary of the updates (filter by inserting 10/11/2017 to the From field and 11/15/2017 to the To field) here.
Tuesday, November 14, 2017
Updates For Mozilla Firefox
Mozilla have released updates to Firefox browser to address a bunch of security vulnerabilities.
Affected products are:
- Mozilla Firefox earlier than 57
- Mozilla Firefox ESR 52.5
Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Affected products are:
- Mozilla Firefox earlier than 57
- Mozilla Firefox ESR 52.5
Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Google Chrome Updated
Google have released a version 62.0.3202.94 of their Chrome web browser. More information about changes in Google Chrome Releases blog.
Sunday, November 12, 2017
Symantec Intelligence Report: October 2017
Symantec have published their Intelligence report that sums up the latest threat trends for October 2017.
The report can be viewed here.
The report can be viewed here.
Saturday, November 4, 2017
ITunes 12.7.1 Released
Apple have released version 12.7.1 of their iTunes media player. New version fixes a bunch of security vulnerabilities.
More information about the security content of iTunes 12.7.1 can be read from related security advisory.
Users of old versions should update to the latest one available.
More information about the security content of iTunes 12.7.1 can be read from related security advisory.
Users of old versions should update to the latest one available.
New Version Of iCloud For Windows Released
Apple have released version 7.1 of their iCloud client for Windows. New version fixes a bunch of security vulnerabilities.
More information about the security content of iCloud for Windows 7.1 can be read from related security advisory.
Users of old versions should update to the latest one available here.
More information about the security content of iCloud for Windows 7.1 can be read from related security advisory.
Users of old versions should update to the latest one available here.
Friday, November 3, 2017
WordPress 4.8.3 Released
There has been released a new version of WordPress (blogging tool and content management system) which contains updates to security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.
Affected versions:
WordPress versions earlier than 4.8.3
More information can be read from the WordPress blog.
Affected versions:
WordPress versions earlier than 4.8.3
More information can be read from the WordPress blog.
Subscribe to:
Posts (Atom)
