Wednesday, April 29, 2020

Google Chrome Updated

Google have released a version 81.0.4044.129 of their Chrome web browser. In addition to other changes two security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Magento Vulnerabilities Fixed

Magento has released updates for Magento Commerce and Open Source editions. The new versions fix a bunch of vulnerabilities of which many critical and that may allow arbitrary code execution.

Affected versions
Magento Commerce 2.3.4 and earlier versions
Magento Open Source 2.3.4 and earlier versions
Magento Commerce 2.2.11 and earlier versions
Magento Open Source 2.2.11 and earlier versions
Magento Enterprise Edition 1.14.4.4 and earlier versions
Magento Community Edition 1.9.4.4 and earlier versions

More information in the correspondent security bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows. The new version fixes critical vulnerabilities (CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573, CVE-2020-9574) that may allow arbitrary code execution in the context of the current user.

Affected versions
Illustrator 2020 24.0.2 and earlier versions

More information in the correspondent security bulletin.

Adobe Bridge Updated

Adobe have updated their Bridge to new version. This new version resolves multiple critical vulnerabilities which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 10.0.1 and earlier versions

More information can be read from Adobe's security bulletin.

Wednesday, April 22, 2020

Google Chrome Updated

Google have released a version 81.0.4044.122 of their Chrome web browser. In addition to other changes eight security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Friday, April 17, 2020

Patched Version Of Foxit 3D Plugin Beta Available

Foxit Software has released new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contains a fix for a security vulnerability which may lead to information disclosure or remote code execution.

Affected versions:
3D Plugin 9.7.1.29511 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 9.7.2 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit Reader 9.7.1.29511 and earlier (Windows)
Foxit PhantomPDF 9.7.1.29511 and earlier (Windows)

More information can be read here.

Thursday, April 16, 2020

Oracle Critical Patch Update For Q2 of 2020

Oracle have released updates for their products that fix 397 security issues (including 15 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in July 2020.

Wednesday, April 15, 2020

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The updated version contains fix to one information disclosure vulnerability (CVE-2020-3798).

Affected versions are Adobe Digital Editions earlier than 4.5.11.187303 version on Windows.

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe After Effects Vulnerability Fixed

Adobe have released an update to patch a vulnerability in their After Effects application. The vulnerability (CVE-2020-3809) could lead to information disclosure in the context of the current user.

Affected versions:
Adobe After Effects earlier than 17.0.6 version

More information in security bulletin.

Adobe ColdFusion Updated

Adobe have released updated version of ColdFusion web application development platform. This fix resolves three important categorized (CVE-2020-3767, CVE-2020-3768, CVE-2020-3796) vulnerabilities.

Affected versions:
- ColdFusion (2018 release): update 8 and earlier versions
- ColdFusion (2016 release): update 14 and earlier versions

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2020

Microsoft have released security updates for April 2020.

Summary of the updates (filter by inserting 03/11/2020 to the From field and 03/14/2020 to the To field) here.

Saturday, April 11, 2020

Firefox Vulnerabilities Fixed

Mozilla have released new versions of their Firefox web browser. New versions contain fixes to high and moderate categorized security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 75 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.7 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities of which some critical.

Affected versions:
Mozilla Thunderbird versions earlier than 68.7.0

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Google Chrome Updated

Google have released a version 81.0.4044.92 of their Chrome web browser. In addition to other changes 32 security vulnerabilities were fixed. More information about changes can be viewed in Google Chrome release blog.

Wednesday, April 8, 2020

Vulnerabilities In HP Support Assistant

There have been found multiple vulnerabilities in HP Support Assistant software that comes “pre-installed on HP computers sold after October 2012, running Windows 7, Windows 8, or Windows 10 operating systems”.

Part of vulnerabilities are fixed in updated version but for local privilege escalation vulnerabilities the only way is to uninstall HP Support Assistant completely.

Information about the vulnerabilities and machine protecting instructions can be read here.

Sunday, April 5, 2020

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 74.0.1
-Mozilla Firefox ESR 68.x earlier than 68.6.1

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

New Google Chrome Version Released

Google have released a version 80.0.3987.163 of their Chrome web browser. More information about changes can be viewed in Google Chrome release blog.