Sunday, December 27, 2020

HPE Systems Insight Manager Vulnerability

A critical vulnerability (CVE-2020-7200) has been found in Hewlett Packard Enterprise (HPE) Systems Insight Manager software. By exploiting the vulnerability it may be possible to run arbitrary code on a vulnerable system.

Affected versions
HPE Systems Insight Manager (SIM) 7.6.x for Windows

Currently there is no patch available. HPE has published a workaround that can be used until a new software version is available. Instructions are available in the HPE support article here.


Mozilla Firefox Updated

Mozilla have released new versions of the Firefox web browser. The new versions fix a bunch of security vulnerabilities.

Affected versions
- Firefox earlier than 84 (advisory)
- Firefox ESR 78.x earlier than 78.6 (advisory)

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to a bunch of security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.6 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading from the product site.

Tuesday, December 22, 2020

Foxit Reader And Foxit PhantomPDF Updated

Foxit Software has released version 10.1.1 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 10.1.0.37527 and earlier (Windows)
Foxit PhantomPDF 10.1.0.37527 and earlier (Windows)

More information can be read here.

Sunday, December 13, 2020

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a vulnerability (CVE-2020-29075) in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerability could lead to information disclosure in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.013.20074

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.001.30018

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30188


Users of vulnerable versions are instructed to update their versions either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; the update can also be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerability can be read from Adobe's security bulletin.

Adobe Lightroom Updated

Adobe have released a security update to fix a critical vulnerability (CVE-2020-24447) in Adobe Lightroom Classic. Exploiting the vulnerability could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Lightroom Classic earlier than 10.1


Users of vulnerable versions are instructed to update their versions by using the Creative Cloud desktop app's update functionality (help).

More information about the fixed vulnerability can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix two vulnerabilities of which one is categorized as critical (CVE-2020-24445) and the other as important (CVE-2020-24444). Successful exploitation of the critical vulnerability could result in arbitrary JavaScript execution in the browser.

Affected versions

Adobe Experience Manager
- 6.5.6.0 and earlier
- 6.4.8.2 and earlier
- 6.3.3.8 and earlier
- 6.2 SP1-CFP20 and earlier

AEM Forms add-on
- AEM Forms Service Pack 6 add-on package for AEM 6.5.6.0
- AEM Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2)

More information in Adobe's security advisory.

Adobe Prelude Update Available

Adobe have released an update to patch a critical vulnerability (CVE-2020-24440) in their Prelude application. The vulnerability may allow arbitrary code execution on a vulnerable system in the context of the current user.

Affected versions:
Adobe Prelude versions earlier than 9.0.2

More information in the related security bulletin here.

Microsoft Security Updates For December 2020

Microsoft have released security updates for December 2020.

Release notes of the updates can be viewed here.

Tuesday, December 8, 2020

New iCloud Version For Windows Released

Apple have released an updated version of their iCloud client for Windows. The new version fixes security vulnerabilities.

iCloud for Windows 11.5 is available via Windows Store.

More information about the security content of the new versions can be read from the corresponding security advisory.

iTunes 12.11 For Windows Released

Apple have released version 12.11 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.11 can be read from the related security advisory.

Users of old versions should update to the latest one available.

Friday, December 4, 2020

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing a fix to a stack overflow vulnerability (CVE-2020-26970).

Affected versions:
- Mozilla Thunderbird earlier than 78.5.1 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading from the product site.

Google Chrome updated

Google have released version 87.0.4280.88 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to eight security vulnerabilities.

More information can be read from Google Chrome releases blog.

Wednesday, November 25, 2020

VMware Patches Available

VMware has released updated versions of their virtualization software patching security vulnerabilities (CVE-2020-4004, CVE-2020-4005).

Affected versions:
-VMware ESXi 7.0 without ESXi70U1b-17168206
-VMware ESXi 6.7 without ESXi670-202011101-SG update
-VMware ESXi 6.5 without ESXi650-202011301-SG update
-VMware Cloud Foundation (ESXi) 4.x earlier than 4.1.0.1
-VMware Cloud Foundation (ESXi) 3.x earlier than 3.10.1.2
-VMware Workstation Pro/Player 15.x for Windows earlier than 15.5.7
-VMware Fusion Pro / Fusion 11.x earlier than 11.5.7

More information in the VMware advisory.

Thursday, November 19, 2020

Google Chrome Vulnerabilities Fixed

Google have released version 87.0.4280.66 of their Chrome web browser for Windows and Linux and version 87.0.4280.67 for macOS. In addition to other changes, 33 security vulnerabilities were fixed.
 
More information about changes can be viewed in Google Chrome release blog.

Security Updates To NVIDIA GeForce NOW For Windows

NVIDIA has released an updated version of NVIDIA GeForce NOW for Windows. The update contains a fix to a vulnerability (CVE-2020-5992) that when exploited may allow code execution or escalation of privileges.

Affected versions
GeForce NOW for Windows versions earlier than 2.0.25.119.

Open the client to automatically apply the security update or install manually by following instructions here.

More information can be read in the NVIDIA security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves a reflected cross-site scripting vulnerability categorized as important (CVE-2020-24442, CVE-2020-24443). Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.

Affected versions:
- Adobe Connect earlier than 11.0.5

More information can be read from Adobe's security bulletin.

Sunday, November 15, 2020

New Version For Chrome released

Google have released version 86.0.4240.198 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to two security vulnerabilities.

More information can be read from Google Chrome releases blog.

Microsoft Security Updates For November 2020

Microsoft have released security updates for November 2020.

Summary of the updates (filter by inserting 10/14/2020 to the From field and 11/10/2020 to the To field) here.

Mozilla Firefox and Thunderbird Updated

Mozilla have released new versions of the Firefox web browser and Thunderbird email client. The new versions fix a critical vulnerability (CVE-2020-26950).

Affected versions
- Firefox 82.x earlier than 82.0.3
- Firefox ESR 78.x earlier than 78.4.1
- Thunderbird 78.x earlier than 78.4.2

More information in Mozilla security advisory.

Mozilla VPN Updated

Mozilla have updated their Mozilla VPN versions for Android, iOS and Windows. New versions fix an OAuth session fixation vulnerability.

Affected versions
-Mozilla VPN Android earlier than 1.1.0 (1360)
-Mozilla VPN iOS earlier than 1.0.7 (929)
-Mozilla VPN Windows earlier than 1.2.2


More information in Mozilla security advisory.

Saturday, November 7, 2020

New PHP versions available

The PHP development team has released versions 7.4.12 and 7.3.24 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.4.12
Version 7.3.24

Friday, November 6, 2020

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.013.20064

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.001.30010

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30180


Users of vulnerable versions are instructed to update their versions either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; the update can also be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

Wednesday, November 4, 2020

Google Chrome Updated

Google have released version 86.0.4240.183 of their Chrome web browser for Windows, Mac and Linux. In addition to other changes, ten security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Vulnerability In Windows Kernel Cryptography Driver

A critical vulnerability (CVE-2020-17087) has been found in Windows. The vulnerability is in the Windows Kernel Cryptography driver and an attacker may be able to exploit it for privilege escalation. The vulnerability was found by Google researchers and made public. The vulnerability is being exploited in the wild in tandem with a Google Chrome vulnerability (CVE-2020-15999).

Microsoft is expected to patch the vulnerability on November 10 as a part of the monthly Patch Tuesday.

Monday, November 2, 2020

New WordPress Version Released

A new version of WordPress (blogging tool and content management system) has been released, which also contains patches to ten security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use, and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.5.2

More information can be read from the WordPress blog.

Saturday, October 24, 2020

VMware Horizon Server and VMware Horizon Client For Windows Updated

VMware has released updates to VMware Horizon Server and VMware Horizon Client for Windows. The new versions fix Cross Site Scripting (XSS) (CVE-2020-3997) and information disclosure (CVE-2020-3998) security vulnerabilities.

Affected versions
-VMware Horizon Server 7.x versions earlier than 7.10.3 or 7.13.0
-VMware Horizon Client for Windows versions earlier than 5.5.0

More information in the VMware security advisory.


Security Updates To NVIDIA GeForce Experience For Windows

NVIDIA has released an updated version of NVIDIA GeForce Experience for Windows. The update contains fixes to vulnerabilities (CVE-2020-5977, CVE-2020-5978, CVE-2020-5990) that when exploited may allow code execution, escalation of privileges, denial of service or information disclosure.

Affected versions
GeForce Experience for Windows versions earlier than 3.20.5.70.

Download the updates from the GeForce Experience Downloads page or open the client to automatically apply the security update.

More information can be read in the NVIDIA security bulletin.


VMware Vulnerability Fixes Available

VMware have released updated versions of their virtualization software patching security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995).

Affected versions:
-VMware ESXi 7.0 without ESXi_7.0.1-0.0.16850804
-VMware ESXi 6.7 without ESXi670-202010401-SG update
-VMware ESXi 6.5 without ESXi650-202010401-SG update
-VMware Cloud Foundation (ESXi) 4.x earlier than 4.1
-VMware Cloud Foundation (ESXi) 3.x earlier than 3.10.1.1
-VMware Workstation Pro/Player 15.x for Windows (patch pending, check back the advisory)
-VMware Fusion Pro / Fusion 11.x earlier than 11.5.6
-NSX-T 3.x earlier than 3.0.2
-NSX-T 2.5.x earlier than 2.5.2.2.0
-VMware Cloud Foundation (NSX-T) 4.x earlier than 4.1
-VMware Cloud Foundation (NSX-T) 3.x earlier than 3.10.1.1


More information in VMware advisory here.

Friday, October 23, 2020

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 78.4 

A fresh version can be obtained via the inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 82 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.4 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading (latest version) from the product site.

Google Chrome Vulnerabilities Fixed

Google have released version 86.0.4240.111 of their Chrome web browser for Windows, Mac and Linux. In addition to other changes, five security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Oracle Critical Patch Update For Q4 of 2020

Oracle have released updates for their products that fix 402 security issues (including eight Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in January 2021.

Tuesday, October 20, 2020

VMware Horizon Client For Windows Fixed

VMware have released an updated version (5.5.0) of Horizon Client for Windows patching one denial-of-service vulnerability categorized as moderate (CVE-2020-3991).

Affected versions:
-Horizon Client for Windows 5.x and earlier

More information in VMware advisory here.

Magento Vulnerabilities Fixed

Magento has released updates for Magento Commerce and Open Source editions. The new versions fix a bunch of vulnerabilities, many of which are critical and may allow arbitrary code execution.

Affected versions
Magento Commerce 2.3.5-p1 and earlier versions
Magento Commerce 2.3.5-p2 and earlier versions
Magento Commerce 2.4.0 and earlier versions
Magento Open Source 2.3.5-p1 and earlier versions
Magento Open Source 2.3.5-p2 and earlier versions
Magento Open Source 2.4.0 and earlier versions

More information in the corresponding security bulletin.

Thursday, October 15, 2020

Vulnerabilities In Acronis Backup Software

Privilege escalation vulnerabilities (CVE-2020-10138, CVE-2020-10139 and CVE-2020-10140) have been found in Acronis True Image, Cyber Backup and Cyber Protect backup software. By exploiting the vulnerabilities an unprivileged Windows user is able to run arbitrary code with SYSTEM privileges.

Affected versions
Acronis True Image 2021 earlier than build 32010
Acronis Cyber Backup 12.5 earlier than build 16363
Acronis Cyber Protect 15 earlier than build 24600


More information here.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain a fix for a critical vulnerability (CVE-2020-9746). By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 32.0.0.433 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.445

- Users of Adobe Flash Player 32.0.0.433 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.445

- Users of Adobe Flash Player 32.0.0.433 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.445

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For October 2020

Microsoft have released security updates for October 2020.

Summary of the updates (filter by inserting 09/07/2020 to the From field and 10/13/2020 to the To field) here.

Thursday, October 8, 2020

Google Chrome Updated

Google have released version 86.0.4240.75 of their Chrome web browser for Windows, Mac and Linux. In addition to other changes, 35 security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Friday, October 2, 2020

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 10.1 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 10.0.1.35811 and earlier (Windows)
Foxit PhantomPDF 10.0.1.35811 and earlier (Windows)

More information can be read here.

Updated Version Of Foxit 3D Plugin Beta Available

Foxit Software has released a new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contains a fix for a security vulnerability which may lead to information disclosure or remote code execution.

Affected versions:
3D Plugin 10.0.1.35811 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

New PHP versions available

The PHP development team has released versions 7.4.11, 7.3.23 and 7.2.34 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 11.4 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.21 is available for Windows 7 and later.

More information about the security content of the new versions can be read from the corresponding security advisories:
-iCloud 11.4
-iCloud 7.21

Monday, September 28, 2020

VMware Horizon DaaS Updated


VMware has released a new update to their Horizon DaaS software. The new version fixes a broken authentication vulnerability (CVE-2020-3977). Successful exploitation of this issue may allow an attacker to bypass the two-factor authentication process. In order to exploit the vulnerability an attacker must have a legitimate account on Horizon DaaS.

Affected versions:
-Horizon DaaS 7.x & 8.x

For Horizon DaaS 8.x versions there is 8.0.1 Update 1 that fixes the issue.

More information can be read from the corresponding advisory.

Mozilla Firefox Vulnerabilities Fixed

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 81 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.3 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released updated versions of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:

- Mozilla Thunderbird earlier than 78.3 (advisory)


A fresh version can be obtained via the inbuilt updater or by downloading from the product site.

Chrome Fixes Available

Google have released version 85.0.4183.121 of their Chrome web browser. In addition to other changes, 10 security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Thursday, September 17, 2020

VMware Software Patches Available

VMware have released updated versions of their virtualization software patching security vulnerabilities (CVE-2020-3976).


Affected versions:

-VMware Workstation Pro/Player 15.x for Windows (patch pending, check back the advisory)

-VMware Fusion Pro / Fusion 11.x (patch pending, check back the advisory)

-Horizon Client for Windows 5.x versions earlier than 5.4.4


More information in VMware advisory here.

Adobe Media Encoder Updated

Adobe have released updated versions of their Media Encoder. The new versions fix three vulnerabilities categorized as important (CVE-2020-9739, CVE-2020-9744, CVE-2020-9745). The vulnerabilities could lead to information disclosure in the context of the current user.


Affected versions:

- Adobe Media Encoder versions earlier than 14.4


More information in the related security bulletin.

Saturday, September 12, 2020

Google Chrome Update Released

Google have released version 85.0.4183.102 of their Chrome web browser. The updated version contains fixes to five security vulnerabilities. More information about changes can be viewed in Google Chrome release blog.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix a bunch of vulnerabilities of which some are categorized as critical. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser.

Affected versions

Adobe Experience Manager
- 6.5.5.0 and earlier
- 6.4.8.1 and earlier
- 6.3.3.8 and earlier
- 6.2 SP1-CFP20 and earlier

AEM Forms add-on
- AEM Forms Service Pack 5 add-on package for AEM 6.5.5.0
- AEM Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 1 (6.4.8.1)

More information in Adobe's security advisory.

Adobe Framemaker Updated

Adobe has released an updated version of their Framemaker. The new version contains fixes to two critical security vulnerabilities (CVE-2020-9726, CVE-2020-9725). Successful exploitation of the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected are versions 2019.0.6 and below for Windows.

More information in Adobe's security advisory.

Adobe InDesign Update Available

Adobe have released an updated version of Adobe InDesign. The new update resolves critical vulnerabilities that could be abused to execute code remotely in the context of the current user.

Affected versions:
- Adobe InDesign earlier than 15.1.2

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For September 2020

Microsoft have released security updates for September 2020.

Summary of the updates (filter by inserting 08/12/2020 to the From field and 09/08/2020 to the To field) here.

Saturday, September 5, 2020

Latest PHP Versions Available

The PHP development team has released versions 7.4.10 and 7.3.22 of the PHP scripting language. The new versions contain bug fixes. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.4.10
Version 7.3.22

Foxit PhantomPDF Update Available

Foxit Software has released version 9.7.3 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit PhantomPDF 9.7.2.29539 and earlier (Windows)

More information can be read here.

Foxit Studio Photo Updated

Foxit has released a new version of their Studio Photo application. Among other fixes the updated version patches an information disclosure vulnerability. An attacker can leverage this vulnerability to execute code in the context of the current process. (CVE-2020-17403/CVE-2020-17404)

Affected versions:
3.6.6.927 and earlier

More information can be read here. The latest version is downloadable here.

Monday, August 31, 2020

Mozilla Thunderbird Updated

Mozilla have released updated versions of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.2 (advisory)
- Mozilla Thunderbird earlier than 68.12 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading from the product site.

Mozilla Firefox Vulnerabilities Fixed

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 80 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.2 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.12 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading (latest version) from the product site.

VMware Vulnerabilities Fixed

VMware have released updated versions of their virtualization software patching a security vulnerability (CVE-2020-3976).

Affected versions:
-VMware ESXi 7.0 without ESXi_7.0.0-1.25.16324942 update
-VMware ESXi 6.7 without ESXi670-202008101-SG / ESXi670-202008401-BG update
-VMware ESXi 6.5 without ESXi650-202007401-BG / ESXi650-202007101-SG update
-VMware Cloud Foundation (ESXi) 4.x.x versions earlier than 4.0.1
-VMware Cloud Foundation (ESXi) 3.x.x versions earlier than 3.10.0
-vCenter Server 7.x versions earlier than 7.0.0b
-vCenter Server 6.7.x versions earlier than 6.7u3j
-vCenter Server 6.5.x versions earlier than 6.5u3k
-VMware Cloud Foundation (vCenter) 4.x.x versions earlier than 4.0.1
-VMware Cloud Foundation (vCenter) 3.x.x versions earlier than 3.10.1 (release pending)

More information in VMware advisory here.

Thursday, August 27, 2020

New Chrome Version Available

Google have released version 85.0.4183.83 of their Chrome web browser. In addition to other changes, 20 security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Friday, August 14, 2020

vBulletin Update Available

An update has been released to vBulletin, a popular forum software that is used on almost 20000 internet sites, to address a critical security vulnerability. The vulnerability bypasses a fix for CVE-2019-16759, a previously disclosed remote code execution vulnerability in vBulletin. Attacks exploiting this vulnerability have already been seen in the wild.

Currently there is a fix available for these vBulletin versions:
5.6.2
5.6.1
5.6.0

All other versions of vBulletin prior to the 5.6.x branch are considered vulnerable. Users should migrate over to a patched version as soon as possible.

Instructions for updating:
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch

More information:
https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed

Wednesday, August 12, 2020

Google Chrome Updated

Google have released version 84.0.4147.125 of their Chrome web browser. In addition to other changes, 15 security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Adobe Lightroom Updated

Adobe have released a security update to fix a vulnerability (CVE-2020-9724) in Adobe Lightroom Classic. Exploiting the vulnerability could lead to privilege escalation in the context of the current user.

Affected versions:
*Lightroom Classic earlier than 9.3


Users of vulnerable versions are instructed to update their versions by using the Creative Cloud desktop app's update functionality (help).

More information about the fixed vulnerability can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.012.20041

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.001.30005

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30175

*Acrobat 2015 and Acrobat Reader 2015, 2015 classic track
versions earlier than 2015.006.30527


Users of vulnerable versions are instructed to update their versions either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; the update can also be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 11.3 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.20 is available for Windows 7 and later.

More information about the security content of the new versions can be read from the corresponding security advisories:
-iCloud 11.3
-iCloud 7.20

iTunes 12.10.8 For Windows Released

Apple have released version 12.10.8 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.7 can be read from the related security advisory.

Users of old versions should update to the latest one available.

Vulnerability In Newsletter Plugin Fixed

An update has been released to Newsletter, a WordPress plugin. This plugin is used in over 300000 installations. The fix includes patches to security vulnerabilities.

Affected versions:
Newsletter WordPress plugin versions earlier than 6.8.2

More information in Wordfence blog.

New PHP versions available

The PHP development team has released versions 7.4.9, 7.3.21 and 7.2.33 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.4.9
Version 7.3.21
Version 7.2.33

Microsoft Security Updates For August 2020

Microsoft have released security updates for August 2020.

Summary of the updates (filter by inserting 07/10/2020 to the From field and 08/11/2020 to the To field) here.

Vulnerability in Divi, Extra and Divi Builder Fixed

Updates have been released to two themes by Elegant Themes, Divi and Extra, and also to Divi Builder, which is a WordPress plugin. Together these products are used on approximately 700000 sites. The vulnerability gives authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.

Affected versions:
Divi versions between 3.0 and 4.5.2
Extra versions between 2.0 and 4.5.2
Divi Builder versions between 2.0 and 4.5.2

More information in Wordfence blog.

Sunday, August 2, 2020

wpDiscuz Vulnerability Fixed

An update has been released for wpDiscuz, a WordPress plugin with over 80000 installations. The updated version fixes a security vulnerability categorized as critical. The vulnerability gives unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.

Affected versions:
wpDiscuz versions between 7.0.0 and 7.0.4

More information in Wordfence blog here.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 79 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.1 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.11 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird New Versions Released

Mozilla have released updated versions of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.1 (advisory)
- Mozilla Thunderbird earlier than 68.11 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Saturday, August 1, 2020

Oracle Critical Patch Update For Q3 of 2020

Oracle have released updates for their products that fix 444 security issues (including 11 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in October 2020.

Wednesday, July 22, 2020

All In One SEO Pack Vulnerability Fixed

An update has been released for All In One SEO Pack, a WordPress plugin with over 2 million installations. The updated version fixes a security vulnerability categorized as medium.

Affected versions:
All In One SEO Pack versions earlier than 3.6.2

More information in Wordfence blog here.

New PHP versions available

The PHP development team has released versions 7.4.8, 7.3.20 and 7.2.32 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.4.8
Version 7.3.20
Version 7.2.32

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 78

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Adobe Prelude Update Available

Adobe have released an update to patch critical vulnerabilities (CVE-2020-9677, CVE-2020-9678, CVE-2020-9679, CVE-2020-9680) in their Prelude application. The vulnerabilities may allow arbitrary code execution on a vulnerable system in the context of the current user.

Affected versions:
Adobe Prelude earlier than 9.0.1 version

More information in the related security bulletin here.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve multiple vulnerabilities (CVE-2020-9683, CVE-2020-9684, CVE-2020-9685, CVE-2020-9686, CVE-2020-9687) which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop CC 20.0.9 and earlier versions (Windows)
Adobe Photoshop CC 21.2 and earlier versions (Windows)

Solution:
Update to Adobe Photoshop CC 20.0.10 or 21.2.1 version

Instructions for updating are given in related security bulletin.

Adobe Bridge Updated

Adobe have updated Bridge to a new version. This new version resolves three critical vulnerabilities (CVE-2020-9674, CVE-2020-9675, CVE-2020-9676) which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 10.0.3 and earlier versions for Windows

More information can be read from Adobe's security bulletin.

Adobe Download Manager Updated

Adobe has released an updated version of their Download Manager for Windows. The new version fixes one vulnerability categorized as critical (CVE-2020-9688) that could lead to arbitrary code execution.

Affected is version 2.0.0.518. The new version 2.0.0.529 is available for Adobe Reader for Windows here and for Adobe Flash Player for Windows here.

More information is available in Adobe's security advisory.

Adobe ColdFusion Updated

Adobe have released an updated version of the ColdFusion web application development platform. This fix resolves two vulnerabilities categorized as important (CVE-2020-9672, CVE-2020-9673) that could lead to privilege escalation.

Affected versions:
- ColdFusion (2018 release): update 9 and earlier versions
- ColdFusion (2016 release): update 15 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe Genuine Service Updated

Adobe have released security updates to fix vulnerabilities (CVE-2020-9667, CVE-2020-9668, CVE-2020-9681) in their Genuine Service. The vulnerabilities could lead to privilege escalation in the context of the current user.

Affected versions:
Adobe Genuine Service earlier than 7.1 on Windows and macOS


Adobe Genuine Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.


More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Media Encoder Updated

Adobe have released updated versions of their Media Encoder. The new versions fix two vulnerabilities categorized as critical (CVE-2020-9646, CVE-2020-9650) and one as important (CVE-2020-9649). By exploiting the critical vulnerabilities an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Adobe Media Encoder versions earlier than 14.3

More information in security bulletin.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix a vulnerability in their Creative Cloud Desktop Application for Windows. Successful exploitation could lead to arbitrary file system write and privilege escalation in the context of the current user (CVE-2020-9682, CVE-2020-9669, CVE-2020-9670, CVE-2020-9671).

Affected versions:
Creative Cloud Desktop Application 5.1 and earlier versions for Windows

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For July 2020

Microsoft have released security updates for July 2020.

Summary of the updates (filter by inserting 06/10/2020 to the From field and 07/14/2020 to the To field) here.

Google Chrome Updated

Google have released version 84.0.4147.89 of their Chrome web browser. The updated version contains fixes for 38 security vulnerabilities. More information about the changes can be viewed in the Google Chrome release blog.

Thursday, July 9, 2020

Kernel Data Protection (KDP) Coming To Windows 10

Microsoft is bringing Kernel Data Protection (KDP) to Windows 10. Currently it's being tested with Windows 10 Insider builds.

Kernel Data Protection (KDP) is a new technology that prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS). KDP is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.

More information and technical details about KDP can be read from Microsoft security blog.

NVIDIA GeForce Experience Fixed

NVIDIA has released a new version of GeForce Experience software. The new version fixes a vulnerability (CVE-2020-5964) that may lead to code execution, denial of service or escalation of privileges.

Affected versions
GeForce Experience for Windows versions earlier than 3.20.4

More information and instructions for updating can be read from the NVIDIA security bulletin.

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 68.10.0

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Thursday, July 2, 2020

Mozilla Firefox New Version Released

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 78 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.10 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Monday, June 29, 2020

VMware Updates Available

VMware have released updated versions of their virtualization software patching security vulnerabilities.

Affected versions:
-VMware ESXi 7.0 without ESXi_7.0.0-1.20.16321839 update
-VMware ESXi 6.7 without ESXi670-202004101-SG update
-VMware ESXi 6.5 without ESXi650-202005401-SG update
-VMware Workstation Pro/Player versions earlier than 15.5.5
-VMware Cloud Foundation 4.x versions earlier than 4.0.1
-VMware Cloud Foundation 3.x versions earlier than 3.10.0.1 (release of 3.10.0.1 is pending at the moment of writing this)

More information in VMware advisory here.

New Google Chrome Patch Released

Google have released version 83.0.4103.116 of their Chrome web browser. The new version contains two fixes for security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

Thursday, June 18, 2020

VLC Player Updated

The VideoLAN project has released a new version of their VLC media player. The new version contains a fix for a security vulnerability (CVE-2020-13428). By exploiting the vulnerability a remote user could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.

Affected are VLC Player versions prior to 3.0.11. Owners of those versions should update to the latest version.

More information about the vulnerability here

Adobe Audition Update

Adobe have released an update to patch critical vulnerabilities in their Adobe Audition application. The vulnerabilities (CVE-2020-9658, CVE-2020-9659) may lead to arbitrary code execution in the context of the current user on a vulnerable system.

Affected versions:
Adobe Audition 13.0.6 and earlier versions for Windows

More information in the related security bulletin.

Adobe Premiere Rush Fixed

Adobe have released an update to patch critical vulnerabilities in Premiere Rush application. The vulnerabilities (CVE-2020-9656, CVE-2020-9657, CVE-2020-9655) may allow arbitrary code execution in the context of the current user in the vulnerable system.

Affected versions:
Adobe Premiere Rush earlier than 1.5.16 version for Windows

More information in the related security bulletin here.

Adobe Premiere Pro Fixed

Adobe have released an update to patch vulnerabilities in their Premiere Pro application. The vulnerabilities (CVE-2020-9653, CVE-2020-9654, CVE-2020-9652) may allow arbitrary code execution on a vulnerable system.

Affected versions:
Adobe Premiere Pro earlier than 14.3 version for Windows

More information in the related security bulletin here.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows. The new version fixes critical vulnerabilities (CVE-2020-9642, CVE-2020-9575, CVE-2020-9641, CVE-2020-9640, CVE-2020-9639) that may allow arbitrary code execution in the context of the current user.

Affected versions
Illustrator 2020 24.1.2 and earlier versions

More information in the corresponding security bulletin.

Adobe After Effects Updated

Adobe have released an update to patch critical vulnerabilities in their After Effects application for Windows. The vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
Adobe After Effects earlier than 17.1.1 version

More information in security bulletin.

Vulnerability Fixed In Adobe Campaign Classic

Adobe have released a new version of their Adobe Campaign Classic. The new version fixes a security vulnerability (CVE-2020-9666) that may result in information disclosure.

Affected versions are Adobe Campaign Classic 20.1 and earlier versions on Windows and Linux. Users of affected versions should update their versions to the latest one (currently 20.2).

More information (including download instructions for new version) can be read from Adobe security bulletin.

Tuesday, June 16, 2020

Google Chrome Updated

Google have released version 83.0.4103.106 of their Chrome web browser. The updated version contains fixes for four security vulnerabilities. More information about the changes can be viewed in the Google Chrome release blog.

WordPress 5.4.2 Released

A new version of WordPress (blogging tool and content management system) has been released. Version 5.4.2 fixes security bugs.

Affected versions:
WordPress versions earlier than 5.4.2

More information can be read from the WordPress blog.

VMware Horizon Client For Windows Updated

VMware have released an updated version (5.4.3) of Horizon Client for Windows, patching one privilege escalation vulnerability categorized as important (CVE-2020-3961).

Affected versions:
-Horizon Client for Windows 5.x and earlier

More information in VMware advisory here.

Wednesday, June 10, 2020

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain a fix for a critical vulnerability (CVE-2020-9633). By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 32.0.0.371 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.387

- Users of Adobe Flash Player 32.0.0.371 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.387

- Users of Adobe Flash Player 32.0.0.371 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.387

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Framemaker Updated

Adobe has released an updated version of their Framemaker. The new version contains fixes for critical security vulnerabilities. Successful exploitation of the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected are versions 2019.0.5 and below for Windows.

More information is available in Adobe's security advisory.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix vulnerabilities categorized as important that could result in sensitive information disclosure.

Affected are 6.5 and earlier versions.

More information is available in Adobe's security advisory.

Saturday, June 6, 2020

New Google Chrome Update Released

Google have released version 83.0.4103.97 of their Chrome web browser. The new version contains five fixes for security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

Mozilla Thunderbird Vulnerabilities Fixed

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 68.9.0

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 77 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.9 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Monday, June 1, 2020

VMware Vulnerabilities Fixed

VMware have released updated versions of their virtualization software, patching three vulnerabilities: one categorized as important (CVE-2020-3957), one as moderate (CVE-2020-3958) and one as low (CVE-2020-3959).

Affected versions:
-VMware Workstation Pro/Player for Windows versions earlier than 15.5.2
-VMware Fusion Pro / Fusion versions earlier than 11.5.5
-ESXi 6.7 versions without patch ESXi670-202004101-SG
-ESXi 6.5 versions without patch ESXi650-202005401-SG
-Horizon Client for Windows and Mac 5.x & earlier versions (patch pending, check back the advisory)
-VMRC (VMware Remote Console) for Mac 11.x & earlier versions (patch pending, check back the advisory)

More information in VMware advisory here.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 11.2 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.19 is available for Windows 7 and later.

More information about the security content of the new versions can be found in the corresponding security advisories:
-iCloud 11.2
-iCloud 7.19

iTunes 12.10.7 For Windows Released

Apple have released version 12.10.7 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.7 can be found in the related security advisory.

Users of old versions should update to the latest one available.

Monday, May 25, 2020

Vulnerability In Chromium-based Microsoft Edge

A vulnerability has been found in the new Chromium-based Microsoft Edge web browser. The vulnerability is related to improper input validation in the Feedback extension. By exploiting this vulnerability an attacker may be able to write files to arbitrary locations and gain elevated privileges.

The vulnerability by itself does not allow arbitrary code to run. However, it could be used in conjunction with other vulnerabilities to take advantage of the elevated privileges when running.

Affected versions:
Microsoft Edge (Chromium-based) versions earlier than 83.0.478.37

More information is available in the corresponding security advisory.

New PHP versions available

The PHP development team has released versions 7.4.6, 7.3.18 and 7.2.31 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.4.6
Version 7.3.18
Version 7.2.31

Adobe Premiere Rush Updated

Adobe have released an update to patch a vulnerability in their Adobe Premiere Rush application. The vulnerability (CVE-2020-9617) may lead to information disclosure.

Affected versions:
Adobe Premiere Rush 1.5.8 and earlier versions

More information in the related security bulletin.

Adobe Audition Patch Release

Adobe have released an update to patch a vulnerability in their Adobe Audition application. The vulnerability (CVE-2020-9618) may lead to information disclosure on a vulnerable system.

Affected versions:
Adobe Audition 13.0.5 and earlier versions

More information in the related security bulletin.

Adobe Premiere Pro Fix Released

Adobe have released an update to patch a vulnerability in their Premiere Pro application. The vulnerability (CVE-2020-9616) may lead to information disclosure on a vulnerable system.

Affected versions:
Adobe Premiere Pro 14.1 and earlier versions

More information in the related security bulletin.

Adobe Character Animator Updated

A new version of Adobe Character Animator has been released. The new version fixes a buffer overflow vulnerability (CVE-2020-9586) that could lead to remote code execution.

Affected versions:
Character Animator 2020 3.2 and earlier versions

More information can be read from the Adobe security bulletin.

Google Chrome New Version Released

Google have released version 83.0.4103.61 of their Chrome web browser. In addition to other changes, 38 security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Wednesday, May 13, 2020

Adobe DNG Software Development Kit Vulnerabilities Fixed

Adobe has released an update for the Adobe DNG Software Development Kit (SDK). The updated version fixes arbitrary code execution and information disclosure vulnerabilities.

Affected versions
Adobe DNG Software Development Kit (SDK) 1.5 and earlier

More information in the related Adobe security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.009.20063

*Acrobat 2017 and Acrobat Reader DC, 2017 classic track
versions earlier than 2017.011.30171

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30523


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

Microsoft Security Updates For May 2020

Microsoft have released security updates for May 2020.

Summary of the updates (filter by inserting 04/14/2020 to the From field and 05/13/2020 to the To field) here.

Sunday, May 10, 2020

Mozilla Thunderbird Vulnerabilities Fixed

Mozilla have released an updated version of their Thunderbird email client containing fixes for security vulnerabilities, some of which are critical.

Affected versions:
Mozilla Thunderbird versions earlier than 68.8.0

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Firefox Updated

Mozilla have released new versions of their Firefox web browser. The new versions contain fixes for security vulnerabilities, many of which are categorized as critical or high.

Affected versions:
-Mozilla Firefox earlier than 76 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.8 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Wednesday, May 6, 2020

Google Chrome Updated

Google have released version 81.0.4044.138 of their Chrome web browser. In addition to other changes, three security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Saturday, May 2, 2020

Ninja Forms Vulnerability Fixed

An update has been released for Ninja Forms, a WordPress plugin with over 1 million installations. The updated version fixes a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2020-12462).

Affected versions:
Ninja Forms versions earlier than 3.4.24.2

More information in Wordfence blog here.

VMware ESXi Updated

VMware have released updated versions of VMware ESXi. The updates fix one cross-site scripting (XSS) vulnerability categorized as important (CVE-2020-3955).

Affected versions:
-ESXi 6.7 without Patch Release ESXi670-202004103-SG
-ESXi 6.5 without Patch Release ESXi650-201912104-SG

More information in VMware advisories here.

WordPress 5.4.1 Released

A new version of WordPress (blogging tool and content management system) has been released. Version 5.4.1 fixes security bugs.

Affected versions:
WordPress versions earlier than 5.4.1

More information can be read from the WordPress blog.

Wednesday, April 29, 2020

Google Chrome Updated

Google have released version 81.0.4044.129 of their Chrome web browser. In addition to other changes, two security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Magento Vulnerabilities Fixed

Magento has released updates for Magento Commerce and Open Source editions. The new versions fix a bunch of vulnerabilities, many of which are critical and may allow arbitrary code execution.

Affected versions
Magento Commerce 2.3.4 and earlier versions
Magento Open Source 2.3.4 and earlier versions
Magento Commerce 2.2.11 and earlier versions
Magento Open Source 2.2.11 and earlier versions
Magento Enterprise Edition 1.14.4.4 and earlier versions
Magento Community Edition 1.9.4.4 and earlier versions

More information in the corresponding security bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows. The new version fixes critical vulnerabilities (CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573, CVE-2020-9574) that may allow arbitrary code execution in the context of the current user.

Affected versions
Illustrator 2020 24.0.2 and earlier versions

More information in the corresponding security bulletin.

Adobe Bridge Updated

Adobe have updated Bridge to a new version. This new version resolves multiple critical vulnerabilities which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 10.0.1 and earlier versions

More information can be read from Adobe's security bulletin.

Wednesday, April 22, 2020

Google Chrome Updated

Google have released version 81.0.4044.122 of their Chrome web browser. In addition to other changes, eight security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Friday, April 17, 2020

Patched Version Of Foxit 3D Plugin Beta Available

Foxit Software has released a new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contains a fix for a security vulnerability which may lead to information disclosure or remote code execution.

Affected versions:
3D Plugin 9.7.1.29511 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 9.7.2 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 9.7.1.29511 and earlier (Windows)
Foxit PhantomPDF 9.7.1.29511 and earlier (Windows)

More information can be read here.

Thursday, April 16, 2020

Oracle Critical Patch Update For Q2 of 2020

Oracle have released updates for their products that fix 397 security issues (including 15 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in July 2020.

Wednesday, April 15, 2020

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The updated version contains a fix for one information disclosure vulnerability (CVE-2020-3798).

Affected versions are Adobe Digital Editions earlier than 4.5.11.187303 version on Windows.

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe After Effects Vulnerability Fixed

Adobe have released an update to patch a vulnerability in their After Effects application. The vulnerability (CVE-2020-3809) could lead to information disclosure in the context of the current user.

Affected versions:
Adobe After Effects earlier than 17.0.6 version

More information in security bulletin.

Adobe ColdFusion Updated

Adobe have released an updated version of the ColdFusion web application development platform. This fix resolves three vulnerabilities categorized as important (CVE-2020-3767, CVE-2020-3768, CVE-2020-3796).

Affected versions:
- ColdFusion (2018 release): update 8 and earlier versions
- ColdFusion (2016 release): update 14 and earlier versions

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2020

Microsoft have released security updates for April 2020.

Summary of the updates (filter by inserting 03/11/2020 to the From field and 03/14/2020 to the To field) here.

Saturday, April 11, 2020

Firefox Vulnerabilities Fixed

Mozilla have released new versions of their Firefox web browser. New versions contain fixes to high and moderate categorized security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 75 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.7 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes for security vulnerabilities, some of which are critical.

Affected versions:
Mozilla Thunderbird versions earlier than 68.7.0

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Google Chrome Updated

Google have released version 81.0.4044.92 of their Chrome web browser. In addition to other changes, 32 security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Wednesday, April 8, 2020

Vulnerabilities In HP Support Assistant

Multiple vulnerabilities have been found in HP Support Assistant software that comes “pre-installed on HP computers sold after October 2012, running Windows 7, Windows 8, or Windows 10 operating systems”.

Some of the vulnerabilities are fixed in the updated version, but for the local privilege escalation vulnerabilities the only remedy is to uninstall HP Support Assistant completely.

Information about the vulnerabilities and instructions for protecting the machine can be read here.

Sunday, April 5, 2020

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 74.0.1
-Mozilla Firefox ESR 68.x earlier than 68.6.1

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

New Google Chrome Version Released

Google have released version 80.0.3987.163 of their Chrome web browser. More information about the changes can be viewed in the Google Chrome release blog.

Thursday, March 26, 2020

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 10.9.3 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.18 is available for Windows 7 and later.

More information about the security content of the new versions can be found in the corresponding security advisories:
-iCloud 10.9.3
-iCloud 7.18

iTunes 12.10.5 For Windows Released

Apple have released version 12.10.5 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.5 can be found in the related security advisory.

Users of old versions should update to the latest one available.

Tuesday, March 24, 2020

VMware Updates Available

VMware have released updated versions of their virtualization software, patching two vulnerabilities: one categorized as important (CVE-2020-3950) and one as low (CVE-2020-3951).

Affected versions:
-VMware Workstation Pro/Player for Windows versions earlier than 15.5.2
-VMware Fusion Pro / Fusion versions earlier than 11.5.3
-Horizon Client for Windows and Mac 5.x & earlier versions before 5.4.0
-VMRC (VMware Remote Console) for Mac 11.x & earlier versions before 11.0.1

More information is in the VMware advisory here.

Foxit Studio Photo Updated

Foxit has released a new version of their Studio Photo application. Among other fixes the updated version patches multiple arbitrary code execution and information disclosure vulnerabilities.

Affected versions:
3.6.6.918 and earlier

More information can be read here. The latest version is downloadable here.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix a vulnerability in their Creative Cloud Desktop Application for Windows. Successful exploitation of the vulnerability could lead to arbitrary file deletion (CVE-2020-3808).

Affected versions:
Creative Cloud Desktop Application 5.0 and earlier versions for Windows

More information can be read from Adobe's security bulletin.

Unpatched Vulnerabilities In Microsoft Windows

Microsoft is aware of vulnerabilities in the Adobe Type Manager Library in Microsoft Windows. The vulnerabilities may allow an attacker to execute arbitrary code on a vulnerable system. These vulnerabilities are currently used in limited targeted attacks.

At the time of writing there is no update available, but workaround instructions can be read from the related security advisory.

Monday, March 23, 2020

New Google Chrome Version Released

Google have released version 80.0.3987.149 of their Chrome web browser. The new version contains 13 fixes to security vulnerabilities.

More information about the changes can be viewed in the Google Chrome Releases blog.

Thursday, March 19, 2020

Adobe Bridge Updated

Adobe have updated their Bridge to a new version. The new version resolves two vulnerabilities categorized as critical (CVE-2020-9551, CVE-2020-9552), which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 10.0 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe ColdFusion Updated

Adobe have released an updated version of the ColdFusion web application development platform. The update resolves two vulnerabilities categorized as critical (CVE-2020-3761, CVE-2020-3794), which may allow execution of arbitrary code.

Affected versions:
- ColdFusion (2018 release): update 7 and earlier versions
- ColdFusion (2016 release): update 13 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix one vulnerability categorized as important (CVE-2020-3769) that could result in sensitive information disclosure.

Affected are versions 6.5 and earlier.

More information can be read from Adobe's security advisory.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve multiple vulnerabilities which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop CC 20.0.8 and earlier versions (Windows and macOS)
Adobe Photoshop CC 21.1 and earlier versions (Windows and macOS)

Solution:
Update to Adobe Photoshop CC version 20.0.9 or 21.1.1

Instructions for updating are given in the related security bulletin.

Adobe Genuine Integrity Service for Windows Fixed

Adobe have released security updates to fix vulnerabilities in their Genuine Integrity Service for Windows. The vulnerability could lead to privilege escalation in the context of the current user.

Affected versions:
Adobe Genuine Integrity Service earlier than 6.6 on Windows


Adobe Genuine Integrity Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerability can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.006.20042

*Acrobat 2017 and Acrobat Reader DC, 2017 classic track
versions earlier than 2017.011.30166

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30518


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

Sunday, March 15, 2020

Vulnerability Fixed In Windows SMBv3 Protocol

A critical vulnerability has been found in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol. By exploiting the vulnerability (CVE-2020-0796) an attacker may be able to execute code on the target server or client.

More information (including links to updates) can be found here.

VMware Updates Available

VMware have released updated versions of their virtualization software, patching one vulnerability categorized as critical (CVE-2020-3947) and two categorized as important (CVE-2020-3948, CVE-2019-5543).

Affected versions:
-VMware Workstation Pro/Player versions earlier than 15.5.2
-VMware Fusion Pro / Fusion versions earlier than 11.5.2
-Horizon Client for Windows 5.x earlier than 5.3.0
-VMRC (VMware Remote Console) for Windows 10.x earlier than 11.0.0

More information is in the VMware advisory here.

Mozilla Thunderbird Vulnerabilities Patched

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 68.6

A fresh version can be obtained via the inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. The new versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 74 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.6 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading (latest version) from the product site.

Wednesday, March 11, 2020

Microsoft Security Updates For March 2020

Microsoft have released security updates for March 2020.

A summary of the updates is available here (filter by entering 02/11/2020 in the From field and 03/10/2020 in the To field).

Monday, March 9, 2020

Google Chrome Updated

Google have released version 80.0.3987.132 of their Chrome web browser. The new version contains four fixes to security vulnerabilities.

More information about the changes can be viewed in the Google Chrome Releases blog.

Monday, March 2, 2020

New Google Chrome Version Released

Google have released version 80.0.3987.122 of their Chrome web browser. The new version contains three fixes to security vulnerabilities.

More information about the changes can be viewed in the Google Chrome Releases blog.

New PHP versions available

The PHP development team has released versions 7.4.3, 7.3.15 and 7.2.28 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.4.3
Version 7.3.15
Version 7.2.28

Monday, February 24, 2020

Adobe Media Encoder Updated

Adobe have released updated versions of their Media Encoder. The new versions fix a vulnerability (CVE-2020-3764) that is categorized as critical. By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Adobe Media Encoder versions earlier than 14.0.2

More information is in the security bulletin.

Adobe After Effects Vulnerability Fixed

Adobe have released an update to patch a vulnerability in their After Effects application. The vulnerability (CVE-2020-3765) may allow arbitrary code execution on a vulnerable system.

Affected versions:
Adobe After Effects versions earlier than 17.0.3

More information is in the security bulletin.

Sunday, February 23, 2020

New Google Chrome Version Released

Google have released version 80.0.3987.116 of their Chrome web browser. The new version contains fixes to five security vulnerabilities.

More information about the changes can be viewed in the Google Chrome Releases blog.

Saturday, February 15, 2020

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix one vulnerability categorized as important (CVE-2020-3741) that could result in denial of service.

Affected are versions 6.4 and 6.5.

More information can be read from Adobe's security advisory.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The updated version contains fixes to two vulnerabilities (CVE-2020-3759 and CVE-2020-3760). Successful exploitation of the critical one (CVE-2020-3760) could lead to arbitrary code execution in the context of the current user.

Affected versions are Adobe Digital Editions 4.5.10 and earlier versions on Windows. Users of affected versions should update their versions to the latest one (currently 4.5.11).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain a fix for a critical vulnerability. By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 32.0.0.321 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.330

- Users of Adobe Flash Player 32.0.0.321 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.330

- Users of Adobe Flash Player 32.0.0.314 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.330

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2020.006.20034

*Acrobat 2017 and Acrobat Reader DC, 2017 classic track
versions earlier than 2017.011.30158

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30510


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe FrameMaker Updated

Adobe has released an updated version of their FrameMaker. The new version contains fixes to multiple security vulnerabilities. Successful exploitation of the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected are versions 2019.0.4 and below for Windows.

More information can be read from Adobe's security advisory.

Friday, February 14, 2020

Microsoft Security Updates For February 2020

Microsoft have released security updates for February 2020.

A summary of the updates is available here (filter by entering 01/15/2020 in the From field and 02/11/2020 in the To field).

New Mozilla Firefox Version Available

Mozilla have released updated versions of their Firefox web browser. The new versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 73 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.5 (advisory)

A fresh version can be obtained via the inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 68.5

A fresh version can be obtained via the inbuilt updater or by downloading from the product site.

Sunday, February 9, 2020

New Google Chrome Version Released

Google have released version 80.0.3987.87 of their Chrome web browser. The new version contains 56 fixes to security vulnerabilities.

More information about the changes can be viewed in the Google Chrome Releases blog.

iTunes 12.10.4 For Windows Released

Apple have released version 12.10.4 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.4 can be read from the related security advisory.

Users of old versions should update to the latest one available.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. The new versions fix security vulnerabilities.

iCloud for Windows 10.9.2 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.17 is available for Windows 7 and later.

More information about the security content of the new versions can be read from the corresponding security advisories:
-iCloud 10.9.2
-iCloud 7.17