Friday, January 25, 2019

iTunes 12.9.3 For Windows Released

Apple have released version 12.9.3 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.3 can be found in the related security advisory.

Users of old versions should update to the latest one available.

New Version Of iCloud For Windows Released

Apple have released version 7.10 of their iCloud client for Windows. The new version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.10 can be found in the related security advisory.

Users of old versions should update to the latest one available here.

Adobe Experience Manager Forms Updated

Adobe has released updated versions of their Experience Manager Forms. The updates fix one vulnerability rated important (CVE-2018-19724) that could result in sensitive information disclosure.

Affected versions are 6.2, 6.3 and 6.4.

More information is available in Adobe's security advisory.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix one vulnerability rated moderate (CVE-2018-19727) and one rated important (CVE-2018-19726) that could result in sensitive information disclosure.

Affected versions are 6.0, 6.1, 6.2, 6.3 and 6.4.

More information is available in Adobe's security advisory.

Friday, January 18, 2019

New Foxit PhantomPDF Version Available

Foxit Software has released version 8.3.9 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit PhantomPDF 8.3.8.39677 and earlier (Windows)

More information can be read here.

Vulnerabilities Fixed In Drupal

New versions of the open-source content management framework Drupal have been released. The new versions fix critical vulnerabilities.

Affected versions:
Drupal core 7.x versions prior to 7.62
Drupal core 8.6.x versions prior to 8.6.6
Drupal core 8.5.x versions prior to 8.5.9

More information in Drupal security advisories:
- SA-CORE-2019-001
- SA-CORE-2019-002

Oracle Critical Patch Update For Q1 of 2019

Oracle have released updates for their products that fix 284 security issues in total (including five Java fixes). The updates are part of Oracle's quarterly Critical Patch Update (CPU).

A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in April 2019.

Monday, January 14, 2019

Symantec Intelligence Report: December 2018

Symantec have published their Intelligence report that sums up the latest threat trends for December 2018.

The report can be viewed here.

Latest PHP Versions Available

The PHP development team has released versions 7.3.1, 7.2.14, 7.1.26 and 5.6.40 of the PHP scripting language. Among other minor bugs, one security bug has been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.3.1
Version 7.2.14
Version 7.1.26
Version 5.6.40

Friday, January 11, 2019

New Version Of Foxit PDF ActiveX Available

Foxit Software has released a new version of their Foxit PDF ActiveX. The new version contains fixes for security vulnerabilities. By exploiting the vulnerabilities, an attacker may be able to execute arbitrary code on the target system.

Affected versions:
Foxit PDF ActiveX 5.5.0 and earlier (Windows)

More information can be read here.

Wednesday, January 9, 2019

Microsoft Security Updates For January 2019

Microsoft have released security updates for January 2019.

A summary of the updates is available here (filter by entering 12/12/2018 in the From field and 01/08/2019 in the To field).

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves a session token exposure vulnerability rated important (CVE-2018-19718).

Affected versions:
- Adobe Connect earlier than 9.8.1

More information can be found in Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. Successful exploitation of the fixed vulnerability (CVE-2018-12817) could lead to information disclosure in the context of the current user.

Affected versions are Adobe Digital Editions 4.5.9 and earlier versions on Windows, macOS, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.9).

More information (including download instructions for the new version) can be found in Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain fixes for feature and performance bugs. This time no security-related fixes were included.

Affected versions:
- Users of Adobe Flash Player 32.0.0.101 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.114
- Users of Adobe Flash Player 32.0.0.101 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.114
- Users of Adobe Flash Player 32.0.0.101 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.114
- Flash Player integrated with Google Chrome will be updated by Google via Chrome update
- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

More information can be found in Adobe's security bulletin.

Friday, January 4, 2019

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 9.4 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 9.3.0.10826 and earlier (Windows)
Foxit PhantomPDF 9.3.0.10826 and earlier (Windows)

More information can be read here.

New Version Of Foxit 3D Plugin Beta Available

Foxit Software has released a new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities.

Affected versions:
3D Plugin 9.3.0.10826 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix two vulnerabilities (CVE-2018-16011 and CVE-2018-16018) in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting one of the vulnerabilities (CVE-2018-16011) could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: versions earlier than 2019.010.20069
- Acrobat 2017 and Acrobat Reader DC 2017, 2017 classic track: versions earlier than 2017.011.30113
- Acrobat DC and Acrobat Reader DC, 2015 classic track: versions earlier than 2015.006.30464

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about the fixed vulnerabilities can be found in Adobe's security bulletin.