Friday, April 20, 2018

Google Chrome Updated

Google have released version 66.0.3359.117 of their Chrome web browser. The new version contains fixes for 62 security vulnerabilities. More information about the changes can be read from the Google Chrome Releases blog.

Oracle Critical Patch Update For Q2 of 2018

Oracle have released updates for their products that fix 254 security issues in total (including 14 Java fixes). The updates are part of Oracle's quarterly Critical Patch Update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned for release in July 2018.

Friday, April 13, 2018

Symantec Intelligence Report: March 2018

Symantec have published their Intelligence report that sums up the latest threat trends for March 2018.

The report can be viewed here.

Fix For Adobe PhoneGap Push Plugin Available

Adobe have released an updated version of their PhoneGap Push plugin. This update resolves a Same-Origin Method Execution (SOME) vulnerability (CVE-2018-4943) that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap apps into executing click events and other unintended user interactions.

More information can be read from Adobe security bulletin here.

Adobe ColdFusion Fix Available

Adobe have released updated versions of the ColdFusion web application development platform. These fixes resolve an important insecure library loading vulnerability (CVE-2018-4938), an important cross-site scripting vulnerability that could lead to code injection (CVE-2018-4940) and an important cross-site scripting vulnerability that could lead to information disclosure (CVE-2018-4941). These updates also include a mitigation for a critical unsafe Java deserialization vulnerability (CVE-2018-4939) and a mitigation for a critical unsafe XML parsing vulnerability (CVE-2018-4942).

Affected versions:
- ColdFusion (2016 release): update 5 and earlier versions
- ColdFusion 11: update 13 and earlier versions

More information can be read from Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes an out-of-bounds read vulnerability (CVE-2018-4925) rated Important, and a stack overflow vulnerability (CVE-2018-4926) caused by unsafe processing of specially crafted epub files.

Affected versions are Adobe Digital Editions 4.5.7 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.8).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe InDesign Update Available

Adobe have released updated versions of Adobe InDesign for Windows and Macintosh. The new update resolves a critical memory corruption vulnerability (CVE-2018-4928) that could be abused to execute code remotely. The vulnerability is caused by unsafe parsing of a malformed .inx file. The update also fixes an untrusted search path vulnerability (CVE-2018-4927) in the InDesign installer. This vulnerability is categorized as important.

Affected versions:
- Adobe InDesign earlier than 13.1

More information can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix three vulnerabilities: two categorized as important (CVE-2018-4930 and CVE-2018-4931) and one categorized as moderate (CVE-2018-4929).

Affected versions are 6.0, 6.1, 6.2 and 6.3.

More information can be read from Adobe's security advisory.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix security vulnerabilities that could allow remote execution of arbitrary code.

Affected versions:
- Users of Adobe Flash Player 29.0.0.113 and earlier versions for Windows should update to Adobe Flash Player 29.0.0.140
- Users of Adobe Flash Player 29.0.0.113 and earlier versions for Macintosh should update to Adobe Flash Player 29.0.0.140
- Users of Adobe Flash Player 29.0.0.113 and earlier versions for Linux should update to Adobe Flash Player 29.0.0.140
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2018

Microsoft have released security updates for April 2018.

A summary of the updates can be found here (filter by entering 3/14/2018 in the From field and 4/13/2018 in the To field).

Friday, April 6, 2018

Latest PHP Versions Available

The PHP development team has released versions 7.2.4, 7.1.16, 7.0.29 and 5.6.35 of the PHP scripting language. Among other changes, one security bug is fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
- Version 7.2.4
- Version 7.1.16
- Version 7.0.29
- Version 5.6.35

Microsoft Malware Protection Engine Vulnerability

The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. A vulnerability has been found in it. The vulnerability (CVE-2018-0986) may allow an attacker to execute arbitrary code in the security context of the LocalSystem account and take control of the system.

Affected versions are those earlier than 1.1.14700.5.

With default settings, the Malware Protection Engine should update itself automatically. Instructions for checking the version currently in use can be read here, under the "Verification of the update installation" section for the corresponding product.

More information can be read from the related advisory.

WordPress 4.9.5 Released

A new version of WordPress (blogging tool and content management system) has been released, which contains fixes for security vulnerabilities. It's also recommended to check whether any updates are available for the WordPress extensions in use, and to disable extensions that are not needed.

Affected versions:
- WordPress versions earlier than 4.9.5

More information can be read from the WordPress blog.

Monday, April 2, 2018

iTunes 12.7.4 Released

Apple have released version 12.7.4 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.7.4 can be read from the related security advisory.
Users of old versions should update to the latest one available.

New Version Of iCloud For Windows Released

Apple have released version 7.4 of their iCloud client for Windows. The new version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.4 can be read from the related security advisory.
Users of old versions should update to the latest one available here.