Thursday, March 26, 2020

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 10.9.3 is for Windows 10 and later and is available via Windows Store. iCloud for Windows 7.18 is available for Windows 7 and later.

More information about the security content of the new versions can be read from the correspondent security advisories:
-iCloud 10.9.3
-iCloud 7.18

ITunes 12.10.5 For Windows Released

Apple have released version 12.10.5 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.10.5 can be read from related security advisory.

Users of old versions should update to the latest one available.

Tuesday, March 24, 2020

VMware Updates Available

VMware have released updated versions of their virtualization software patching one important (CVE-2020-3950) and one low (CVE-2020-3951) categorized vulnerabilities.

Affected versions:
-VMware Workstation Pro/Player for Windows versions earlier than 15.5.2
-VMware Fusion Pro / Fusion versions earlier than 11.5.3
-Horizon Client for Windows and Mac 5.x & earlier versions before 5.4.0
-VMRC (VMware Remote Console) for Mac 11.x & earlier versions before 11.0.1

More information in VMware advisory here.

Foxit Studio Photo Updated

Foxit has released a new version of their Studio Photo application. Among other fixes the updated version patches multiple arbitrary code execution and information disclosure vulnerabilities.

Affected versions:
3.6.6.918 and earlier

More information can be read here. The latest version is downloadable here.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix a vulnerability in their Creative Cloud Desktop Application for Windows. Successful exploitation of the vulnerability could lead to arbitrary file deletion (CVE-2020-3808).

Affected versions:
Creative Cloud Desktop Application 5.0 and earlier versions for Windows

More information can be read from Adobe's security bulletin.

Unpatched Vulnerabilities In Microsoft Windows

Microsoft is aware of vulnerabilities in Adobe Type Manager Library in Microsoft Windows. The vulnerabilities may allow an attacker to execute arbitrary code in vulnerable system. These vulnerabilities are currently used in limited targeted attacks.

At the moment of writing this there is no update available but workaround instructions can be read from the related security advisory.

Monday, March 23, 2020

New Google Chrome Version Released

Google have released a version 80.0.3987.149 of their Chrome web browser. The new version contains 13 fixes to security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

Thursday, March 19, 2020

Adobe Bridge Updated

Adobe have updated their Bridge to new version. This new version resolves two critical categorized (CVE-2020-9551, CVE-2020-9552) vulnerabilities which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 10.0 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe ColdFusion Updated

Adobe have released updated version of ColdFusion web application development platform. This fix resolves two critical categorized (CVE-2020-3761, CVE-2020-3794) vulnerabilities which may allow execution of arbitrary code.

Affected versions:
- ColdFusion (2018 release): update 7 and earlier versions
- ColdFusion (2016 release): update 13 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix one important (CVE-2020-3769) categorized vulnerability that could result in sensitive information disclosure.

Affected are 6.5 and earlier versions

More information from the Adobe's security advisory.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve multiple vulnerabilities which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop CC 20.0.8 and earlier versions (Windows and macOS)
Adobe Photoshop CC 21.1 and earlier versions (Windows and macOS)

Solution:
Update to Adobe Photoshop CC 20.0.9 or 21.1.1 version

Instructions for updating are given in related security bulletin.

Adobe Genuine Integrity Service for Windows Fixed

Adobe have released security updates to fix vulnerabilities in their Genuine Integrity Service for Windows. The vulnerability could lead to privilege escalation in the context of the current user.

Affected versions:
Adobe Genuine Integrity Service earlier than 6.6 on Windows


Adobe Genuine Integrity Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat


More information about fixed vulnerability can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier 2020.006.20042

*Acrobat 2017 and Acrobat Reader DC, 2017 classic track
versions earlier than 2017.011.30166

*Acrobat DC and Acrobat Reader DC, 2015 classic track
versions earlier than 2015.006.30518


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:
Adobe Reader
Adobe Acrobat


More information about fixed vulnerability can be read from Adobe's security bulletin.

Sunday, March 15, 2020

Vulnerability Fixed In Windows SMBv3 Protocol

There has been found a critical vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) protocol. By exploiting the vulnerability (CVE-2020-0796) an attacker may be able to execute code on the target server or client.

More information including (links to updates) can be found here.

VMware Updates Available

VMware have released updated versions of their virtualization software patching one critical (CVE-2020-3947) and two important (CVE-2020-3948, CVE-2019-5543) categorized vulnerabilities.

Affected versions:
-VMware Workstation Pro/Player versions earlier than 15.5.2
-VMware Fusion Pro / Fusion versions earlier than 11.5.2
-Horizon Client for Windows 5.x earlier than 5.3.0
-VMRC (VMware Remote Console) for Windows 10.x earlier than 11.0.0

More information in VMware advisory here.

Mozilla Thunderbird Vulnerabilities Patched

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 68.6

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 74 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.6 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Wednesday, March 11, 2020

Microsoft Security Updates For March 2020

Microsoft have released security updates for March 2020.

Summary of the updates (filter by inserting 02/11/2020 to the From field and 03/10/2020 to the To field) here.

Monday, March 9, 2020

Google Chrome Updated

Google have released a version 80.0.3987.132 of their Chrome web browser. The new version contains four fixes to security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

Monday, March 2, 2020

New Google Chrome Version Released

Google have released a version 80.0.3987.122 of their Chrome web browser. The new version contains three fixes to security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

New PHP versions available

PHP development team has released 7.4.3, 7.3.15 and 7.2.28 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.4.3
Version 7.3.15
Version 7.2.28