Apple have released version 12.9 of their iTunes media player. New version fixes security vulnerabilities.
More information about the security content of iTunes 12.9 can be read from related security advisory.
Users of old versions should update to the latest one available.
Wednesday, September 26, 2018
Monday, September 24, 2018
Vulnerability In Microsoft Windows JET Database Engine
There has been found a critical vulnerability in Microsoft Windows JET Database Engine. By exploiting the vulnerability an attacker may execute arbitrary code in vulnerable system under the context of the current process. To exploit the vulnerability user interaction is needed.
At the moment there's no patch available against the vulnerability. In the absence of a fix special caution should be exercised without opening suspicious and from untrusted sources received files.
More information in Zero Day Initiative's blog post.
At the moment there's no patch available against the vulnerability. In the absence of a fix special caution should be exercised without opening suspicious and from untrusted sources received files.
More information in Zero Day Initiative's blog post.
Labels:
Microsoft,
security,
security threat,
vulnerability,
Windows
Mozilla Firefox Updated
Mozilla have released updated versions of Firefox browser to address security vulnerabilities.
Affected products are:
- Mozilla Firefox earlier than 62.0.2 (advisory)
- Mozilla Firefox earlier than ESR 60.2.1 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox
Affected products are:
- Mozilla Firefox earlier than 62.0.2 (advisory)
- Mozilla Firefox earlier than ESR 60.2.1 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox
Labels:
Firefox,
Mozilla,
security,
security threat,
update,
vulnerability
Adobe Reader And Acrobat Security Updates
Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to execute arbitrary code in the context of the current user in the affected system.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20063 and earlier
*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30099 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30448 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20063 and earlier
*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30099 and earlier
*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30448 and earlier
Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat
More information about fixed vulnerabilities can be read from Adobe's security bulletin.
Labels:
acrobat,
adobe,
pdf,
pdf reader,
security,
security threat,
update,
vulnerability
Monday, September 17, 2018
Latest PHP Versions Available
PHP development team has released 7.2.10, 7.1.22, 7.0.32 and 5.6.38 versions of the PHP scripting language Among other minor bugs one security bug have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.
Changelogs:
Version 7.2.10
Version 7.1.22
Version 7.0.32
Version 5.6.38
Changelogs:
Version 7.2.10
Version 7.1.22
Version 7.0.32
Version 5.6.38
Labels:
PHP,
security,
security threat,
update,
vulnerability
Wednesday, September 12, 2018
Symantec Intelligence Report: August 2018
Symantec have published their Intelligence report that sums up the latest threat trends for August 2018.
The report can be viewed here.
The report can be viewed here.
Google Chrome Updated
Google have released a version 69.0.3497.92 of their Chrome web browser. New version contains fixes to two security vulnerabilities. More information about changes in Google Chrome Releases blog.
Labels:
chrome,
google,
security,
security threat,
update,
vulnerability
Adobe Flash Player Updated
Adobe have released updated versions of their Flash Player. The new versions fix a security vulnerability (CVE-2018-15967) that could lead to information disclosure.
Affected versions:
- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Windows should update to Adobe Flash Player 31.0.0.108
- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Macintosh should update to Adobe Flash Player 31.0.0.108
- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Linux should update to Adobe Flash Player 31.0.0.108
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Affected versions:
- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Windows should update to Adobe Flash Player 31.0.0.108
- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Macintosh should update to Adobe Flash Player 31.0.0.108
- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Linux should update to Adobe Flash Player 31.0.0.108
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update
More information can be read from Adobe's security bulletin.
Labels:
adobe,
flash,
security,
security threat,
update,
vulnerability
Adobe ColdFusion Fix Available
Adobe have released updated versions of ColdFusion web application development platform. These fixes resolve security vulnerabilities of which some critical. Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code in the affected system.
Affected versions:
- ColdFusion (2018 release): July 12 release (2018.0.0.310739)
- ColdFusion (2016 release): update 6 and earlier versions
- ColdFusion 11: update 14 and earlier versions
More information can be read from Adobe's security bulletin.
Affected versions:
- ColdFusion (2018 release): July 12 release (2018.0.0.310739)
- ColdFusion (2016 release): update 6 and earlier versions
- ColdFusion 11: update 14 and earlier versions
More information can be read from Adobe's security bulletin.
Labels:
adobe,
coldfusion,
security,
security threat,
update,
vulnerability
Microsoft Security Updates For September 2018
Microsoft have released security updates for September 2018.
Summary of the updates (filter by inserting 8/15/2018 to the From field and 9/12/2018 to the To field) here.
Summary of the updates (filter by inserting 8/15/2018 to the From field and 9/12/2018 to the To field) here.
Labels:
Microsoft,
security,
security threat,
update,
vulnerability
Monday, September 10, 2018
Vulnerability In WordPress
There has been found an unpatched vulnerability (CVE-2018-1000773) in WordPress. The vulnerability is due to insufficient sanitization of user-supplied input submitted to the affected software. The vulnerability may allow an attacker to execute arbitrary code in target system. To exploit the vulnerability the attacker must have user-level access to the target system.
Affected versions:
WordPress 4.9.8 and earlier versions
Cisco's multivendor vulnerability alert can be read here.
Affected versions:
WordPress 4.9.8 and earlier versions
Cisco's multivendor vulnerability alert can be read here.
Labels:
security,
security threat,
vulnerability,
WordPress
Thursday, September 6, 2018
AirWatch Agent and VMware Content Locker updated
There have been found data protection vulnerabilities (CVE-2018-6975, CVE-2018-6976) in AirWatch Agent and VMware Content Locker.
Affected versions:
- AirWatch Agent for iOS (A/W Agent) versions earlier than 5.8.1
- VMware Content Locker for iOS (A/W Locker) versions earlier than 4.14
More information in VMware advisory
Affected versions:
- AirWatch Agent for iOS (A/W Agent) versions earlier than 5.8.1
- VMware Content Locker for iOS (A/W Locker) versions earlier than 4.14
More information in VMware advisory
Labels:
airwatch,
content locker,
security,
security threat,
update,
VMWare,
vulnerability
Mozilla Firefox Updated
Mozilla have released updated versions of Firefox browser to address security vulnerabilities of which some critical.
Affected products are:
- Mozilla Firefox earlier than 62 (advisory)
- Mozilla Firefox earlier than ESR 60.2 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox
Affected products are:
- Mozilla Firefox earlier than 62 (advisory)
- Mozilla Firefox earlier than ESR 60.2 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox
Labels:
Firefox,
Mozilla,
security,
security threat,
update,
vulnerability
Subscribe to:
Posts (Atom)