VMware Updates Available

VMware have released updated versions of their virtualization software patching one moderate (CVE-2019-5539) categorized vulnerability.

Affected versions:
-Horizon Client for Windows 7.x.x earlier than 7.11.0 or 7.10.1 or 7.5.4
-VMware Workstation Pro/Player versions earlier than 15.5.1

More information in VMware advisory here.

New Google Chrome Version Released

Google have released a version 79.0.3945.88 of their Chrome web browser. The new version contains a fix to a security vulnerability.

More information about changes can be viewed in Google Chrome Releases blog.

WordPress 5.3.2 Released

There has been released a new version of WordPress (blogging tool and content management system). Version 5.3.2 fixes a few high severity bugs that were found after the version 5.3.1 release (it contained also fixes to security vulnerabilities).

Affected versions:
WordPress versions earlier than 5.3.2

More information can be read from the WordPress blog.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 68.3

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 71 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.3 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Adobe ColdFusion Fix Available

Adobe have released updated version of ColdFusion web application development platform. This fix resolves one important categorized (CVE-2019-8256) vulnerability which may allow privilege escalation.

Affected versions:
- ColdFusion (2018 release): update 6 and earlier versions

More information can be read from Adobe's security bulletin.

New Version Of Adobe Brackets Available

Adobe have released new versions of Adobe Brackets for Windows, Linux and MacOS. These updates resolve a critical categorized vulnerability which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Brackets 1.14 and earlier versions (Windows, Linux and macOS)

Solution:
Update to Adobe Brackets 1.14.1 version

Instructions for updating are given in related security bulletin.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve two critical categorized vulnerabilities which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop CC 20.0.7 and earlier versions (Windows and macOS)
Adobe Photoshop CC 21.0.1 and earlier versions (Windows and macOS)

Solution:
Update to Adobe Photoshop CC 20.0.8 or 21.0.2 version

Instructions for updating are given in related security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2019.021.20058

*Acrobat 2017 and Acrobat Reader DC, 2017 classic track
versions earlier than 2017.011.30156

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30508


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat


More information about fixed vulnerability can be read from Adobe's security bulletin.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 10.9 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.16 is available for Windows 7 and later.

More information about the security content of the new versions can be read from the correspondent security advisories:
-iCloud 10.9
-iCloud 7.16

ITunes 12.10.3 For Windows Released

Apple have released version 12.10.3 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.3 can be read from related security advisory.

Users of old versions should update to the latest one available.

Microsoft Security Updates For December 2019

Microsoft have released security updates for December 2019.

Summary of the updates (filter by inserting 11/10/2019 to the From field and 12/10/2019 to the To field) here.

New PHP versions available

PHP development team has released 7.4.1, 7.3.13 and 7.2.26 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.4.1

Version 7.2.26

New Google Chrome Version Released

Google have released a version 78.0.3904.108 of their Chrome web browser. The new version contains fixes to five security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

VMware Updates Available

VMware have released updated versions of their virtualization software patching security vulnerabilities.

Affected versions:
-ESXi 6.7 without Patch Release ESXi670-201911401-BG or ESXi670-201911402-BG
-ESXi 6.5 without Patch Release ESXi650-201911401-BG or ESXi650-201911402-BG
-ESXi 6.0 without Patch Release ESXi600-201911401-BG or ESXi600-201911402-BG
-VMware Workstation Pro/Player versions earlier than 15.5.1
-VMware Fusion earlier than 11.5.1

More information in VMware advisories here and here.

New Adobe Bridge CC Version Available

Adobe have released version 10.0 of their Bridge CC. The update fixes two important categorized vulnerabilities (CVE-2019-8239 and CVE-2019-8240). Exploiting the vulnerabilities could lead to information disclosure in the context of current user.

Affected are versions 9.1 and earlier.

More information from the Adobe's security advisory.

Adobe Media Encoder Updated

Adobe have released an updated versions of their Media Encoder. The new versions fix two vulnerabilities of which one is categorized as critical. By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user. The other vulnerabilities are information disclosure vulnerabilities and those are categorized as important.

Affected versions:
- Adobe Media Encoder versions earlier than 14


More information can be read from Adobe's security bulletin.

Adobe Illustrator CC Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator CC. The new version fixes vulnerabilities of which some may allow arbitrary code execution in the context of current user.

Affected versions
Illustrator CC 2019 23.1 and earlier versions

More information in the correspondent bulletin.

Adobe Animate Updated

Adobe have released an updated version of their Adobe Animate CC. The new version fixes a vulnerability that could to to privilege escalation (CVE-2019-7960).

Affected versions
Animate CC 2019 19.2.1 and earlier






More information in the correspondent bulletin.

Symantec Intelligence Report: October 2019

Symantec have published their Intelligence report that sums up the latest threat trends for October 2019.
The report can be viewed here.

Microsoft Security Updates For November 2019

Microsoft have released security updates for November 2019.

Summary of the updates (filter by inserting 10/10/2019 to the From field and 11/12/2019 to the To field) here.

Google Chrome Vulnerabilities Fixed

Google have released a version 78.0.3904.87 of their Chrome web browser. The new version contains fixes to two security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 11.0 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.15 is available for Windows 7 and later.

More information about the security content of the new versions can be read from the correspondent security advisories:
-iCloud 11.0
-iCloud 7.15

ITunes 12.10.2 For Windows Released

Apple have released version 12.10.2 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.2 can be read from related security advisory.

Users of old versions should update to the latest one available.

New PHP versions available

PHP development team has released 7.3.11, 7.2.24 and 7.1.33 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.11
Version 7.2.24
Version 7.1.33

More VMware Updates Available

VMware have released updated versions of their virtualization software patching one moderate (CVE-2019-5536) categorized vulnerability.

Affected versions:
-ESXi 6.7 without Patch Release ESXi670-201908101-SG
-ESXi 6.5 without Patch Release ESXi650-201910401-SG
-VMware Workstation Pro/Player versions earlier than 15.5.0
-VMware Fusion earlier than 11.5.0

More information in VMware advisory here.

VMware vCenter Update Available

VMware have released updated versions of VMware vCenter Server Appliance patching two moderate categorized vulnerabilities.

Affected versions:
-vCenter 6.7 earlier than U3a
-vCenter 6.5 earlier than U3d

More information in VMware advisory here.

Mozilla Thunderbird Vulnerable

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities may allow execution of arbitrary code in affected system.

Affected versions:
Mozilla Thunderbird versions earlier than 68.2

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 70 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.2 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Critical Vulnerability In VMware Products

There has been found a critical vulnerability affecting VMware Cloud Foundation and Harbor Container Registry for PCF products. When exploited the vulnerability (CVE-2019-16919) that may lead to unauthorized access to push/pull/modify images in the target adjacent project.

Affected versions
-VMware Cloud Foundation (fix patch pending)
-VMware Harbor Container Registry for PCF 1.8.x versions earlier than 1.8.4
-VMware Harbor Container Registry for PCF 1.7.x versions are not affected

More information can be read from the correspondent security advisory.

Oracle Critical Patch Update For Q4 of 2019

Oracle have released updates for their products that fix 219 security issues (including 20 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in January 2020.

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 9.7 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit Reader 9.6.0.25114 and earlier (Windows)
Foxit PhantomPDF 9.6.0.25114 and earlier (Windows)

More information can be read here.

New WordPress Version Released

There has been released a new version of WordPress (blogging tool and content management system) which contains patches to security vulnerabilities too. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.2.4

More information can be read from the WordPress blog.

Adobe Download Manager Updated

Adobe has released updated version of their Download Manager for Windows. The new version fixes one important (CVE-2019-8071) categorized vulnerability that could result in privilege escalation.

Affected is version 2.0.0.363. The new version 2.0.0.417 is available for Adobe Reader for Windows here and for Adobe Flash Player for Windows here.

More information from the Adobe's security advisory.

Adobe Experience Manager Forms Updated

Adobe has released updated versions of their Experience Manager Forms. Updates fix one moderate (CVE-2019-8089) categorized vulnerability that could result in sensitive information disclosure.

Affected are versions 6.3, 6.4 and 6.5

More information from the Adobe's security advisory.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2019.012.20040

*Acrobat 2017 and Acrobat Reader DC, 2017 classic track
versions earlier than 2017.011.30148

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30503


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader


More information about fixed vulnerability can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Adobe Experience Manager (AEM). Updates fix multiple vulnerabilities. Successful exploitation could result in unauthorized access to the AEM environment.

Affected are versions 6.0, 6.1, 6.2, 6.3, 6.4 and 6.5

More information from the Adobe's security advisory.

Symantec Intelligence Report: September 2019

Symantec have published their Intelligence report that sums up the latest threat trends for September 2019.
The report can be viewed here.

Google Chrome Vulnerabilities Fixed

Google have released a version 77.0.3865.120 of their Chrome web browser. The new version contains fixes to eight security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

Microsoft Security Updates For October 2019

Microsoft have released security updates for October 2019.

Summary of the updates (filter by inserting 09/11/2019 to the From field and 10/09/2019 to the To field) here.

ITunes 12.10.1 For Windows Released

Apple have released version 12.10.1 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.1 can be read from related security advisory.

Users of old versions should update to the latest one available.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 10.7 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.14 is available for Windows 7 and later.

More information about the security content of the new versions can be read from the correspondent security advisories:
-iCloud 10.7
-iCloud 7.14

New PHP versions available

PHP development team has released 7.3.10 and 7.2.23 versions of the PHP scripting language. Among other bugs some security bugs (in 7.3.10 version) have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.10
Version 7.2.23

Scripting Engine Vulnerability Fixed In Internet Explorer

Microsoft have released an update to Internet Explorer web browsers. The update contains a fix to scripting engine memory corruption vulnerability (CVE-2019-1367). By exploiting the vulnerability an attacker may be able to execute arbitrary code and get the same user rights as the current user.

Affected versions
-Internet Explorer 9, 10 and 11

More information and instructions for updating can be read in the correspondent security advisory

Adobe ColdFusion Fixed

Adobe have released updated versions of ColdFusion web application development platform. These fixes resolve two critical (CVE-2019-8073, CVE-2019-8074) and one important (CVE-2019-8072) vulnerabilities of which one may allow an attacker to execute arbitrary code in the affected system.

Affected versions:
- ColdFusion (2018 release): update 4 and earlier versions
- ColdFusion (2016 release): update 11 and earlier versions

More information can be read from Adobe's security bulletin.

VMware Patches A Critical Vulnerability

VMware have released new versions of their Cloud Foundation and Harbor Container Registry for PCF products. The new versions fix a critical vulnerability (CVE-2019-16097) that may allow for a remote escalation of privilege.

Affected versions
-VMware Cloud Foundation is affected if the optional 'Harbor Registry' component has been deployed.
-VMware Harbor Container Registry for PCF 1.8.x versions earlier than 1.8.3
-VMware Harbor Container Registry for PCF 1.7.x versions earlier than 1.7.6

More information can be read from the correspondent security advisory

VMware Updates Available

VMware have released updated versions of their virtualization software patching one important (CVE-2019-5527) and one moderate (CVE-2019-5535) categorized vulnerability.

Affected versions:
-ESXi 6.7 without Patch Release ESXi670-201904101-SG
-ESXi 6.5 without Patch Release ESXi650-201903401-SG
-ESXi 6.0 without Patch Release ESXi600-201909101-SG
-VMRC for Windows earlier than 10.0.5
-VMRC for Linux earlier than 10.0.5
-Horizon Client for Windows earlier than 5.2.0
-Horizon Client for Linux earlier than 5.2.0
-Horizon Client for Mac earlier than 5.2.0
-VMware Workstation Pro/Player versions earlier than 15.5.0
-VMware Fusion earlier than 11.5.0

More information in VMware advisory here.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 68.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Google Chrome Vulnerabilities Fixed

Google have released a version 77.0.3865.75 of their Chrome web browser. The new version contains fixes to 52 security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

VMware Updates Available

VMware have released updated versions of their virtualization software patching two important and two moderate categorized vulnerabilities.

Affected versions:
-vCenter 6.7 earlier than U3
-vCenter 6.5 earlier than U3
-vCenter 6.0 earlier than U3j
-ESXi 6.7 without Patch Release ESXi670-201904101-SG
-ESXi 6.5 without Patch Release ESXi650-201907101-SG
-ESXi 6.0 without Patch Release ESXi600-201909101-SG

More information in VMware advisories here.

Symantec Intelligence Report: August 2019

Symantec have published their Intelligence report that sums up the latest threat trends for August 2019.
The report can be viewed here.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain fixes to two critical vulnerabilities. By exploiting the vulnerabilities an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 32.0.0.238 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.255

- Users of Adobe Flash Player 32.0.0.238 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.255

- Users of Adobe Flash Player 32.0.0.238 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.255

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Application Manager Updated

Adobe have released a new version of their Application Manager installer for Windows. The new version contains a fix to a vulnerability that could allow arbitrary code execution in vulnerable system.

Affected version
Adobe Application Manager installer version 10.0 and earlier on Windows

More information in the security bulletin here

Microsoft Security Updates For September 2019

Microsoft have released security updates for September 2019.

Summary of the updates (filter by inserting 08/15/2019 to the From field and 09/10/2019 to the To field) here.

New WordPress Version Released

There has been released a new version of WordPress (blogging tool and content management system) which contains patches to security vulnerabilities too. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.2.3

More information can be read from the WordPress blog.

Vulnerabilities In Mozilla Firefox

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 69 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.1 (advisory)
-Mozilla Firefox ESR 60.x earlier than 60.9 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

New PHP versions available

PHP development team has released 7.3.9, 7.2.22 and 7.1.32 versions of the PHP scripting language Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.9
Version 7.2.21
Version 7.1.32

Google Chrome Updated

Google have released a version 76.0.3809.132 of their Chrome web browser. The new version contains fixes to three security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

VLC Player Updated

VideoLAN project has released a new version of their VLC media player. The new version contains fixes to security vulnerabilities.

Affected are VLC Player versions prior 3.0.8. Owners of those versions should update to the latest version.

New Version Of Foxit Reader Available

Foxit Software has released version 9.6 of their Foxit Reader software. The new version contains a fix for security vulnerability.

Affected versions:
Foxit Reader 9.6.0.25114 and earlier (Windows)

More information can be read here.

Microsoft Security Updates For August 2019

Microsoft have released security updates for August 2019.

Summary of the updates (filter by inserting 07/09/2019 to the From field and 08/14/2019 to the To field) here.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve multiple critical and important categorized vulnerabilities of which many could could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop CC 19.1.8 and earlier versions (Windows and macOS)
Adobe Photoshop CC 20.0.5 and earlier versions (Windows and macOS)

Solution:
Update to Adobe Photoshop CC 19.1.9 or 20.0.6 version

Instructions for updating are given in related security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix a critical (CVE-2019-7964) categorized vulnerability that could allow remote code execution in vulnerable system.

Affected are versions 6.4 and 6.5

More information from the Adobe's security advisory.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2019.012.20036

*Acrobat 2017 and Acrobat Reader DC, 2017 classic track
versions earlier than 2017.011.30144

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30499


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerability can be read from Adobe's security bulletin.

Creative Cloud Desktop Application Update

Adobe has released a security update to fix vulnerabilities in their Creative Cloud Desktop Application. Two of the fixes are critical and two important.

Affected versions:
Creative Cloud Desktop Application 4.6.1 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe Prelude Patched

Adobe have released an update to patch a vulnerability in their Prelude application. The vulnerability may allow arbitrary code execution in vulnerable system.

Affected versions:
Adobe Prelude CC 2019 earlier than 8.1.1 version

More information in the related security bulletin here.

Adobe Premiere Pro Fixed

Adobe have released an update to patch a vulnerability in their Premiere Pro application. The vulnerability may allow arbitrary code execution in vulnerable system.

Affected versions:
Adobe Premiere Pro CC 2019 earlier than 13.1.3 version

More information in the related security bulletin here.

Adobe Character Animator Fixed

Adobe have released an update to patch a vulnerability in their Character Animator application. The vulnerability may allow arbitrary code execution in vulnerable system.

Affected versions:
Adobe Character Animator CC 2019 earlier than 2.1.1 version

More information in the related security bulletin here.

Adobe After Effects Updated

Adobe have released an update to patch a vulnerability in their After Effects application. The vulnerability may allow arbitrary code execution in vulnerable system.

Affected versions:
Adobe After Effects CC 2019 earlier than 16.1.2 version

More information in security bulletin.

PHP Fixes Available

PHP development team has released 7.3.8, 7.2.21 and 7.1.31 versions of the PHP scripting language Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.8
Version 7.2.21
Version 7.1.31

Google Chrome Updated

Google have released a version 76.0.3809.87 of their Chrome web browser. Among other changes the new version contains fixes to 43 security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

ITunes 12.9.6 For Windows Released

Apple have released version 12.9.6 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.6 can be read from related security advisory.

Users of old versions should update to the latest one available.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 10.6 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.13 is available for Windows 7 and later.

More information about the security content of the new versions can be read from the correspondent security advisories:
-iCloud 10.6
-iCloud 7.13

Vulnerability Fixed In Wireshark

There have been fixed a security vulnerability in Wireshark, free open source program for analyzing network protocols. The vulnerability is related to ASN.1 BER and related dissectors. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Affected versions
-3.0.x versions 3.0.0-3.0.2
-2.6.x versions 2.6.0-2.6.9
-2.4.x versions 2.4.0-2.4.15

Non vulnerable version can be downloaded here.

More information in the security advisory

Oracle Critical Patch Update For Q3 of 2019

Oracle have released updates for their products that fix 319 security issues (including ten Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in October 2019.

Vulnerability Fixed In Drupal

There have been released a new version of open-source content management framework Drupal. The new version fix a critical vulnerability.

The only affected version is Drupal 8.7.4. Its users should update to 8.7.5 version.

More information in Drupal security advisory

VLC Player Updated

VideoLAN project has released a new version of their VLC media player. The new version contains a fix to a heap-based buffer-overflow vulnerability. By exploiting the vulnerability it is possible to cause a denial-of-service condition denying service to legitimate users.

Affected are VLC Player versions prior 3.0.7.1. Owners of those versions should update to the latest version.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 60.8

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Vulnerabilities In Mozilla Firefox

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox 68 (advisory)
-Mozilla Firefox ESR 60.8 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Adobe Dreamweaver Installer Updated

Adobe has released an updated version of direct download windows installer of Adobe Dreamweaver fixing an important categorized vulnerability (CVE-2019-7956). The vulnerability is related to insecure library loading and it could lead to privilege escalation.

Affected versions:
-Adobe Dreamweaver direct download installer 18.0 and below
-Adobe Dreamweaver direct download installer 19.0 and below

More information in the security advisory>

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix one moderate (CVE-2019-7955) and two important (CVE-2019-7953 and CVE-2019-7954) categorized vulnerabilities that could result in sensitive information disclosure.

Affected are versions 6.0, 6.1, 6.2, 6.3 and 6.4

More information from the Adobe's security advisory.

New Adobe Bridge CC Version Available

Adobe has released version 9.1 of their Bridge CC. The update fixes an important categorized vulnerability (CVE-2019-7963).

Affected are versions 9.0.2 and earlier.

More information from the Adobe's security advisory.

New Google Chrome Version Released

Google have released a version 75.0.3770.142 of their Chrome web browser. The new version contains fixes to two security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

Microsoft Security Updates For July 2019

Microsoft have released security updates for July 2019.

Summary of the updates (filter by inserting 06/14/2019 to the From field and 07/09/2019 to the To field) here.

Symantec Intelligence Report: June 2019

Symantec have published their Intelligence report that sums up the latest threat trends for June 2019.
The report can be viewed here.

Latest PHP Versions Available

PHP development team has released 7.3.7 and 7.2.20 versions of the PHP scripting language. New versions contain bug fixes. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.7
Version 7.2.20

Vulnerability In Mozilla Firefox

Mozilla have released updated versions of their Firefox web browser. New versions fix a high categorized vulnerability.

Affected versions:
Mozilla Firefox 67.0.4
Mozilla Firefox ESR 60.7.2

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities of which one critical and two high categorized.

Affected versions:
Mozilla Thunderbird versions earlier than 60.7.2

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Vulnerability Fixed

Mozilla have released updated versions of their Firefox web browser. New versions fix a critical vulnerability. The vulnerability is used in target attacks in the wild so it's recommended to update the browser as soon as possible.

Affected versions:
Mozilla Firefox 67.0.3
Mozilla Firefox ESR 60.7.1

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities of which four high and one low categorized.

Affected versions:
Mozilla Thunderbird versions earlier than 60.7.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Symantec Intelligence Report: May 2019

Symantec have published their Intelligence report that sums up the latest threat trends for May 2019.

The report can be viewed here.

New Version Of VLC Player Available

VideoLAN project has released a new version of their VLC media player. Version 3.0.7 contains fixes to 33 vulnerabilities.

Affected are VLC Player versions prior 3.0.7. Owners of those versions should update to the latest version.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain a fix to critical vulnerability (CVE-2019-7845). By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user. 

Affected versions:
- Users of Adobe Flash Player 32.0.0.192 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.207

- Users of Adobe Flash Player 32.0.0.192 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.207

- Users of Adobe Flash Player 32.0.0.192 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.207

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Vulnerabilities Fixed In Adobe Campaign

Adobe have released a new version of their Adobe Campaign. The new version fixes security vulnerabilities that may allow an attacker to execute arbitrary code in target system.

Affected versions are Adobe Campaign Classic 18.10.5-8984 and earlier versions on Windows and Linux. Users of affected versions should update their versions to the latest one (currently 19.1.1-9026).

More information (including download instructions for new version) can be read from Adobe security bulletin.

Adobe ColdFusion Fixed

Adobe have released updated versions of ColdFusion web application development platform. These fixes resolve three critical vulnerabilities (CVE-2019-7838, CVE-2019-7839, CVE-2019-7840) that may allow an attacker to execute arbitrary code in the affected system.

Affected versions:
- ColdFusion (2018 release): update 3 and earlier versions
- ColdFusion (2016 release): update 10 and earlier versions
- ColdFusion 11: update 18 and earlier versions

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For June 2019

Microsoft have released security updates for June 2019.

Summary of the updates (filter by inserting 05/15/2019 to the From field and 06/13/2019 to the To field) here.

VMware Updates Available

VMware have released updated versions of their virtualization software to fix two security vulnerabilities. VMware Tools are affected by an out of bounds read vulnerability (CVE-2019-5522). A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

VMware Workstation Linux version has a use-after-free vulnerability (CVE-2019-5525). A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

Affected versions:
-VMware Tools 10.x Windows versions earlier than 10.3.10
-VMware Workstation 15.x Linux versions earlier than 15.1.0


More information with instructions for updating can be read from the correspondent VMware advisory.

New Google Chrome Version Released

Google have released a version 75.0.3770.80 of their Chrome web browser. Among new features the new version contains fixes to 42 security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

New Version Of Foxit 3D Plugin Beta Available

Foxit Software has released new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contain fixes for security vulnerabilities.

Affected versions:
3D Plugin 9.5.0.20723 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

iCloud 7.12 For Windows Released

Apple have released version 7.12 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.12 can be read from related security advisory.

Users of old versions should update to the latest one available here.

ITunes 12.9.5 For Windows Released

Apple have released version 12.9.5 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.5 can be read from related security advisory.

Users of old versions should update to the latest one available.

Latest PHP Versions Available

PHP development team has released 7.3.6, 7.2.19 and 7.1.30 versions of the PHP scripting language Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.6
Version 7.2.19
Version 7.1.30

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 60.7

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 67 (advisory)
- Mozilla Firefox earlier than ESR 60.7 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

VMware Updates Available

VMware have released updated versions of their virtualization software patching multiple moderate categorized vulnerabilities.

Affected versions:
-vCenter 6.7 earlier than U2a
-vCenter 6.5 earlier than U2g
-vCenter 6.0 earlier than U3i
-ESXi 6.7 without Patch Release ESXi670-201905001
-ESXi 6.5 without Patch Release ESXi650-201905001
-ESXi 6.0 without Patch Release ESXi600-201905001
-VMware Workstation Pro/Player versions earlier than 15.1.0
-VMware Fusion earlier than 11.1.0

More information in VMware advisories here and here.

Critical Vulnerability In Citrix Workspace App And Receiver For Windows

There has been found a critical vulnerability in Citrix Workspace app and Receiver for Windows. By exploiting the vulnerability an attacker could run arbitrary code on the client system.

Affected versions:
- Citrix Workspace app earlier than version 1904
- Receiver for Windows earlier than version 4.9.6001.


More information here

Adobe Media Encoder Patched

Adobe have released an updated versions of their Media Encoder. The new versions fix two vulnerabilities of which one a critical vulnerability (CVE-2019-7842) related to file parsing. By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user. The other vulnerability is an information disclosure vulnerability (CVE-2019-7844) and it is categorized as important.

Affected versions:
- Adobe Media Encoder versions earlier than 13.1


More information can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain a fix to critical vulnerability (CVE-2019-7837). By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user. 

Affected versions:
- Users of Adobe Flash Player 32.0.0.171 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.192    

- Users of Adobe Flash Player 32.0.0.171 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.192

- Users of Adobe Flash Player 32.0.0.171 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.192

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2019.010.20099

*Acrobat 2017 and Acrobat Reader DC 2017, 2017 classic track
versions earlier than 2017.011.30142

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30497


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerability can be read from Adobe's security bulletin.

Chrome Vulnerability Fixed

Google have released 74.0.3729.157 version of their Chrome web browser. The new version contains a fix to a security vulnerability. More information in Chrome release blog.

Microsoft Security Updates For May 2019

Microsoft have released security updates for May 2019.

Summary of the updates (filter by inserting 04/13/2019 to the From field and 05/14/2019 to the To field) here.

Symantec Intelligence Report: April 2019

Symantec have published their Intelligence report that sums up the latest threat trends for April 2019.

The report can be viewed here.

New Drupal Versions Available

There have been released new versions of open-source content management framework Drupal. New versions contain patched version of third party libraries required by Drupal core.

Affected versions:
Drupal core 8.7.x versions prior to 8.7.1
Drupal core 8.6.x versions prior to 8.6.16
Drupal 7.x versions prior to 7.67

More information in Drupal security advisory.

Latest PHP Versions Available

PHP development team has released 7.3.5, 7.2.18 and 7.1.29 versions of the PHP scripting language Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.5
Version 7.2.18
Version 7.1.29

Oracle Critical Patch Update For Q2 of 2019

Oracle have released updates for their products that fix 297 security issues (including five Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in July 2019.

Symantec Intelligence Report: March 2019

Symantec have published their Intelligence report that sums up the latest threat trends for March 2019.

The report can be viewed here.

New Adobe Bridge CC Version Available

Adobe has released version 9.0.3 of their Bridge CC. The update fixes five vulnerabilities of which two critical and three important.

Affected are versions 9.0.2 and earlier.

More information from the Adobe's security advisory.

Adobe Experience Manager Forms Updated

Adobe has released updated versions of their Experience Manager Forms. Updates fix one important (CVE-2019-7129) categorized vulnerability that could result in sensitive information disclosure.

Affected are versions 6.2, 6.3 and 6.4

More information from the Adobe's security advisory.

Adobe InDesign Update Available

Adobe have released updated version of Adobe InDesign. The new update resolves a critical vulnerability (CVE-2019-7107) that could be abused to execute code remotely. The vulnerability is caused by unsafe hyperlink processing.

Affected versions:
- Adobe InDesign earlier than 14.0.2

More information can be read from Adobe's security bulletin.

Adobe XD Updated

Adobe has released a new version (17.0.12) of their Adobe XD software. The updated version contains fixes to two arbitrary code execution vulnerabilities (CVE-2019-7105, CVE-2019-7106).

Affected are 16.0 and earlier versions.

More information can be read from the security bulletin.

Foxit Studio Photo Updated

Foxit has released a new version of their Studio Photo application. Among other fixes the updated version patches multiple information disclosure vulnerabilities.

Affected versions:
3.6.6.779 and earlier

More information can be read here. The latest version is downloadable here

Adobe Dreamweaver Updated

Adobe have released updated version of their Dreamweaver.  This update resolves a vulnerability rated moderate related to the use of the Server Message Block (SMB) protocol when handling UNC paths in Dreamweaver.

Affected versions:
- Adobe Dreamweaver earlier than 19.1

More information can be read from Adobe's security bulletin.

Shockwave Player Updated

Adobe have released an updated version of their Shockwave Player. The new version fixes multiple critically categorized security vulnerabilities that could potentially lead to arbitrary code execution in the context of the current user.

Users of Adobe Shockwave Player 12.3.4.204 and earlier should update to Adobe Shockwave Player 12.3.5.205.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2019

Microsoft have released security updates for April 2019.

Summary of the updates (filter by inserting 03/13/2019 to the From field and 04/12/2019 to the To field) here.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain two security vulnerability fixes. One of the vulnerabilities is an arbitrary code execution vulnerability (CVE-2019-7096) and the other an information disclosure vulnerability (CVE-2019-7108).

Affected versions:
- Users of Adobe Flash Player 32.0.0.156 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.171

- Users of Adobe Flash Player 32.0.0.156 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.171

- Users of Adobe Flash Player 32.0.0.156 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.171

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting some of the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2019.010.20099

*Acrobat 2017 and Acrobat Reader DC 2017, 2017 classic track
versions earlier than 2017.011.30138

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30493


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerability can be read from Adobe's security bulletin.

Latest PHP Versions Available

PHP development team has released 7.3.4, 7.2.17 and 7.1.28 versions of the PHP scripting language Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.4
Version 7.2.17
Version 7.1.28

VMware Updates Available

VMware has released security updates to vulnerabilities in their virtualization applications.

Affected versions:
- VMware ESXi 6.7 without ESXi670-201903001 patch
- VMware ESXi 6.5 without ESXi650-201903001 patch
- VMware ESXi 6.0 without ESXi600-201903001 patch
- VMware Workstation Pro / Player 15.x versions earlier than 15.0.4
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.7
- VMware Fusion Pro / Fusion 11.x versions earlier than 11.0.3
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.6

Further information including updating instructions can be read from VMware's security advisory.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 60.6.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

New Version Of iCloud For Windows Released

Apple have released version 7.11 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.11 can be read from related security advisory.

Users of old versions should update to the latest one available here.

ITunes 12.9.4 For Windows Released

Apple have released version 12.9.4 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.4 can be read from related security advisory.

Users of old versions should update to the latest one available.

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 66.0.1 (advisory)
- Mozilla Firefox earlier than ESR 60.6.1 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

VMware Workstation Updates Available

VMware has released security updates to two elevation of privilege vulnerabilities (CVE-2019-5511, CVE-2019-5512) in their virtualization applications.

Affected versions:
- VMware Workstation Pro / Player 15.x versions earlier than 15.0.3 for Windows
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.6 for Windows

Further information including updating instructions can be read from VMware's security advisory.

VMware Horizon Updates Available

VMware has released new versions of their Horizon for Windows. New versions fix a Connection Server information disclosure vulnerability (CVE-2019-5513).

Affected versions:
-VMware Horizon 6 earlier than version 6.2.8 + KB67401 update for Windows
-VMware Horizon 7 (Extended Service Branches, ESB) earlier than version 7.5.2 + KB67401 update for Windows
-VMware Horizon 7 (Current Releases, CR) earlier than version 7.8 + KB67424 update for Windows

More information (including links to patches) in security advisory.

New WordPress Version Released

There has been released a new version of WordPress (blogging tool and content management system) which contains also patches to two security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.1.1

More information can be read from the WordPress blog.

New Google Chrome Version Released

Google have released a version 73.0.3683.75 of their Chrome web browser. Among new features the new version contains fixes to 60 security vulnerabilities. More information about changes can be viewed in Google Chrome Releases blog.

Microsoft Security Updates For March 2019

Microsoft have released security updates for March 2019.

Summary of the updates (filter by inserting 02/13/2019 to the From field and 03/13/2019 to the To field) here.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. Successful exploitation of the fixed vulnerability (CVE-2019-7095) could lead to arbitrary code execution in the context of the current user.

Affected versions are Adobe Digital Editions 4.5.10.185749 and earlier versions on Windows. Users of affected versions should update their versions to the latest one (currently 4.5.10.186048).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a critical categorized vulnerability (CVE-2019-7094) that could could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop CC 19.1.7 and earlier versions (Windows and macOS)
Adobe Photoshop CC 20.0.2 and earlier versions (Windows and macOS)

Solution:
Update to Adobe Photoshop CC 19.1.8 or 20.0.4 version

Instructions for updating are given in related security bulletin.

Latest PHP Versions Available

PHP development team has released 7.3.3, 7.2.16 and 7.1.27 versions of the PHP scripting language Among other minor bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.3
Version 7.2.16
Version 7.1.27

Symantec Intelligence Report: February 2019

Symantec have published their Intelligence report that sums up the latest threat trends for February 2019.

The report can be viewed here.

Chrome Vulnerability Fixed

Google have released 72.0.3626.121 version of their Chrome web browser. The new version contains a fix to a security vulnerability (CVE-2019-5786). More information in Chrome release blog.

Microsoft Security Intelligence Report Volume 24 Available

Microsoft have released volume 24 of their Security Intelligence Report (SIR). This edition of the report is a reflection on last year’s security events and includes an overview of the security landscape, lessons learned from the field, and recommended best practices. The report can be accessed here.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 60.5.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 65.0.1 (advisory)
- Mozilla Firefox earlier than ESR 60.5.1 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Google Chrome Updated

Google have released a version 72.0.3626.109 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain one security vulnerability fix. Successful exploitation of the vulnerability (CVE-2019-7090) may lead to information disclosure in the context of current user.

Affected versions:
- Users of Adobe Flash Player 32.0.0.114 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.142

- Users of Adobe Flash Player 32.0.0.114 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.142

- Users of Adobe Flash Player 32.0.0.114 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.142

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Creative Cloud Desktop Application Update

Adobe has released a security update to fix a vulnerability in their Creative Cloud Desktop Application. The vulnerability is an insecure library loading (DLL hijacking) vulnerability that could lead to privilege escalation (CVE-2019-7093).

Affected versions:
Creative Cloud Desktop Application 4.7.0.400 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe ColdFusion Fix Available

Adobe have released updated versions of ColdFusion web application development platform. These fixes resolve security vulnerabilities of which one critical (CVE-2019-7091) and one important (CVE-2019-7092). Successful exploitation of the critical vulnerability may allow an attacker to execute arbitrary code in the affected system.

Affected versions:
- ColdFusion (2018 release): update 1 and earlier versions
- ColdFusion (2016 release): update 7 and earlier versions
- ColdFusion 11: update 15 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2019.010.20091

*Acrobat 2017 and Acrobat Reader DC 2017, 2017 classic track
versions earlier than 2017.011.30120

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30475


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerability can be read from Adobe's security bulletin.

Microsoft Security Updates For February 2019

Microsoft have released security updates for February 2019.

Summary of the updates (filter by inserting 01/09/2019 to the From field and 02/12/2019 to the To field) here.

Latest PHP Versions Available

PHP development team has released 7.3.2 and 7.2.15 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.2
Version 7.2.15

Chrome Vulnerability Fixed

Google have released 72.0.3626.96 version of their Chrome web browser. The new version contains a fix to a security vulnerability (CVE-2019-5784). More information in Chrome release blog.

Symantec Intelligence Report: January 2019

Symantec have published their Intelligence report that sums up the latest threat trends for January 2019.

The report can be viewed here.

New Google Chrome Version Released

Google have released a version 72.0.3626.81 of their Chrome web browser. Among new features the new version contains fixes to 58 security vulnerabilities. More information about changes can be viewed in Google Chrome Releases blog.

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities including some critical ones.

Affected products are:
- Mozilla Firefox earlier than 65 (advisory)
- Mozilla Firefox earlier than ESR 60.5 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 60.5

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

ITunes 12.9.3 For Windows Released

Apple have released version 12.9.3 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.3 can be read from related security advisory.

Users of old versions should update to the latest one available.

New Version Of iCloud For Windows Released

Apple have released version 7.10 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.10 can be read from related security advisory.

Users of old versions should update to the latest one available here.

Adobe Experience Manager Forms Updated

Adobe has released updated versions of their Experience Manager Forms. Updates fix one important (CVE-2018-19724) categorized vulnerability that could result in sensitive information disclosure.

Affected are versions 6.2, 6.3 and 6.4

More information from the Adobe's security advisory.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix one moderate (CVE-2018-19727) and one important (CVE-2018-19726) categorized vulnerabilities that could result in sensitive information disclosure.

Affected are versions 6.0, 6.1, 6.2, 6.3 and 6.4

More information from the Adobe's security advisory.

New Foxit PhantomPDF Version Available

Foxit Software has released version 8.3.9 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit PhantomPDF 8.3.8.39677 and earlier (Windows)

More information can be read here.

Vulnerabilities Fixed In Drupal

There have been released new versions of open-source content management framework Drupal. The new versions fix critical vulnerabilities.

Affected versions:
Drupal core 7.x versions prior to 7.62
Drupal core 8.6.x versions prior to 8.6.6
Drupal core 8.5.x versions prior to 8.5.9

More information in Drupal security advisories:
- SA-CORE-2019-001
- SA-CORE-2019-002

Oracle Critical Patch Update For Q1 of 2019

Oracle have released updates for their products that fix 284 security issues (including five Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in April 2019.

Symantec Intelligence Report: December 2018

Symantec have published their Intelligence report that sums up the latest threat trends for December 2018.

The report can be viewed here.

Latest PHP Versions Available

PHP development team has released 7.3.1, 7.2.14, 7.1.26 and 5.6.40 versions of the PHP scripting language Among other minor bugs one security bug have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.1
Version 7.2.14
Version 7.1.26
Version 5.6.40

New Version Of Foxit PDF ActiveX Available

Foxit Software has released new version of their Foxit PDF ActiveX. The new version contain fixes for security vulnerabilities. By exploiting the vulnerabilities attacker may be able to execute arbitrary code in target system.

Affected versions:
Foxit PDF ActiveX 5.5.0 and earlier (Windows)

More information can be read here.

Microsoft Security Updates For January 2019

Microsoft have released security updates for January 2019.

Summary of the updates (filter by inserting 12/12/2018 to the From field and 01/08/2019 to the To field) here.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves an important categorized session token exposure vulnerability (CVE-2018-19718).

Affected versions:
- Adobe Connect earlier than 9.8.1

More information can be read from Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. Successful exploitation of the fixed vulnerability (CVE-2018-12817) could lead to information disclosure in the context of the current user.

Affected versions are Adobe Digital Editions 4.5.9 and earlier versions on Windows, macOS, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.9).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain fixing of feature and performance bugs. This time no security related fixes was included.

Affected versions:
- Users of Adobe Flash Player 32.0.0.101 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.114

- Users of Adobe Flash Player 32.0.0.101 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.114

- Users of Adobe Flash Player 32.0.0.101 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.114

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 9.4 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit Reader 9.3.0.10826 and earlier (Windows)
Foxit PhantomPDF 9.3.0.10826 and earlier (Windows)

More information can be read here.

New Version Of Foxit 3D Plugin Beta Available

Foxit Software has released new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contain fixes for security vulnerabilities.

Affected versions:
3D Plugin 9.3.0.10826 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix two vulnerabilities (CVE-2018-16011 and CVE-2018-16018) in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting one of the vulnerabilities (CVE-2018-16011) could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2019.010.20069

*Acrobat 2017 and Acrobat Reader DC 2017, 2017 classic track
versions earlier than 2017.011.30113

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30464


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerability can be read from Adobe's security bulletin.