There has been released an update to All In One SEO Pack which is a WordPress plugin with over 2 million installations. The updated version fixes a medium categorized security vulnerability.
Affected versions:
All In One SEO Pack versions earlier than 3.6.2
More information in Wordfence blog here.
Wednesday, July 22, 2020
New PHP versions available
PHP development team has released 7.4.8, 7.3.20 and 7.2.32 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.
Changelogs:
Version 7.4.8
Version 7.3.20
Version 7.2.32
Changelogs:
Version 7.4.8
Version 7.3.20
Version 7.2.32
Labels:
PHP,
security,
security threat,
update,
vulnerability,
Windows
Mozilla Thunderbird Updated
Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.
Affected versions:
Mozilla Thunderbird versions earlier than 78
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Affected versions:
Mozilla Thunderbird versions earlier than 78
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Labels:
Mozilla,
security,
security threat,
thunderbird,
update,
vulnerability
Adobe Prelude Update Available
Adobe have released an update to patch critical vulnerabilities (CVE-2020-9677, CVE-2020-9678, CVE-2020-9679, CVE-2020-9680) in their Prelude application. The vulnerabilities may allow arbitrary code execution in vulnerable system in the context of the current user.
Affected versions:
Adobe Prelude earlier than 9.0.1 version
More information in the related security bulletin here.
Affected versions:
Adobe Prelude earlier than 9.0.1 version
More information in the related security bulletin here.
Labels:
adobe,
prelude,
security,
security threat,
update,
vulnerability,
Windows
New Version Of Adobe Photoshop Available
Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve multiple vulnerabilities (CVE-2020-9683, CVE-2020-9684, CVE-2020-9685, CVE-2020-9686, CVE-2020-9687) which could lead to arbitrary code execution in the context of the current user.
Affected versions:
Adobe Photoshop CC 20.0.9 and earlier versions (Windows)
Adobe Photoshop CC 21.2 and earlier versions (Windows)
Solution:
Update to Adobe Photoshop CC 20.0.10 or 21.2.1 version
Instructions for updating are given in related security bulletin.
Affected versions:
Adobe Photoshop CC 20.0.9 and earlier versions (Windows)
Adobe Photoshop CC 21.2 and earlier versions (Windows)
Solution:
Update to Adobe Photoshop CC 20.0.10 or 21.2.1 version
Instructions for updating are given in related security bulletin.
Labels:
adobe,
photoshop,
security,
security threat,
update,
vulnerability,
Windows
Adobe Bridge Updated
Adobe have updated their Bridge to new version. This new version resolves three critical vulnerabilities (CVE-2020-9674, CVE-2020-9675, CVE-2020-9676) which may allow execution of arbitrary code.
Affected versions:
- Adobe Bridge 10.0.3 and earlier versions for Windows
More information can be read from Adobe's security bulletin.
Affected versions:
- Adobe Bridge 10.0.3 and earlier versions for Windows
More information can be read from Adobe's security bulletin.
Labels:
adobe,
bridge,
security,
security threat,
update,
vulnerability
Adobe Download Manager Updated
Adobe has released updated version of their Download Manager for Windows. The new version fixes one critical (CVE-2020-9688) categorized vulnerability that could lead to arbitrary code execution.
Affected is version 2.0.0.518. The new version 2.0.0.529 is available for Adobe Reader for Windows here and for Adobe Flash Player for Windows here.
More information from the Adobe's security advisory.
Affected is version 2.0.0.518. The new version 2.0.0.529 is available for Adobe Reader for Windows here and for Adobe Flash Player for Windows here.
More information from the Adobe's security advisory.
Labels:
adobe,
download manager,
security,
security threat,
update,
vulnerability
Adobe ColdFusion Updated
Adobe have released updated version of ColdFusion web application development platform. This fix resolves two important categorized (CVE-2020-9672, CVE-2020-9673) vulnerabilities that could lead to privilege escalation.
Affected versions:
- ColdFusion (2018 release): update 9 and earlier versions
- ColdFusion (2016 release): update 15 and earlier versions
More information can be read from Adobe's security bulletin.
Affected versions:
- ColdFusion (2018 release): update 9 and earlier versions
- ColdFusion (2016 release): update 15 and earlier versions
More information can be read from Adobe's security bulletin.
Labels:
adobe,
coldfusion,
security,
security threat,
update,
vulnerability
Adobe Genuine Service Updated
Adobe have released security updates to fix vulnerabilities (CVE-2020-9667, CVE-2020-9668, CVE-2020-9681) in their Genuine Service. The vulnerabilities could lead to privilege escalation in the context of the current user.
Affected versions:
Adobe Genuine Service earlier than 7.1 on Windows and macOS
Adobe Genuine Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.
More information about fixed vulnerability can be read from Adobe's security bulletin.
Affected versions:
Adobe Genuine Service earlier than 7.1 on Windows and macOS
Adobe Genuine Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.
More information about fixed vulnerability can be read from Adobe's security bulletin.
Labels:
adobe,
genuine service,
security,
security threat,
update,
vulnerability
Adobe Media Encoder Updated
Adobe have released an updated versions of their Media Encoder. The new versions fix two vulnerabilities categorized as critical (CVE-2020-9646, CVE-2020-9650) and one as important (CVE-2020-9649). By exploiting the critical vulnerabilities an attacker may be able to execute arbitrary code in the context of the current user.
Affected versions:
- Adobe Media Encoder versions earlier than 14.3
More information in security bulletin.
Affected versions:
- Adobe Media Encoder versions earlier than 14.3
More information in security bulletin.
Labels:
adobe,
media encoder,
security,
security threat,
update,
vulnerability
Adobe Creative Cloud Desktop Application Updated
Adobe has released a security update to fix a vulnerability in their Creative Cloud Desktop Application for Windows. Successful exploitation could lead to arbitrary file system write and privilege escalation in the context of the current user (CVE-2020-9682, CVE-2020-9669, CVE-2020-9670, CVE-2020-9671).
Affected versions:
Creative Cloud Desktop Application 5.1 and earlier versions for Windows
More information can be read from Adobe's security bulletin.
Affected versions:
Creative Cloud Desktop Application 5.1 and earlier versions for Windows
More information can be read from Adobe's security bulletin.
Labels:
adobe,
creative cloud,
security,
security threat,
update,
vulnerability
Microsoft Security Updates For July 2020
Microsoft have released security updates for July 2020.
Summary of the updates (filter by inserting 06/10/2020 to the From field and 07/14/2020 to the To field) here.
Summary of the updates (filter by inserting 06/10/2020 to the From field and 07/14/2020 to the To field) here.
Labels:
Microsoft,
security,
security threat,
update,
vulnerability
Google Chrome Updated
Google have released a version 84.0.4147.89 of their Chrome web browser. Updated version contains fixes to 38 security vulnerabilities. More information about changes can be viewed in Google Chrome release blog.
Labels:
chrome,
google,
security,
security threat,
update,
vulnerability
Thursday, July 9, 2020
Kernel Data Protection (KDP) Coming To Windows 10
Microsoft is bringing Kernel Data Protection (KDP) to Windows 10. Currently it's being tested with Windows 10 Insider builds.
Kernel Data Protection (KDP) is a new technology that prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS). KDP is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
More information and technical details about KDP can be read from Microsoft security blog.
Kernel Data Protection (KDP) is a new technology that prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS). KDP is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory.
More information and technical details about KDP can be read from Microsoft security blog.
NVIDIA GeForce Experience Fixed
NVIDIA has released a new version of GeForce Experience software. The new version fixes a vulnerability (CVE‑2020‑5964) that may lead to code execution, denial of service or escalation of privileges.
Affected versions
GeForce Experience for Windows versions earlier than 3.20.4
More information and instructions for updating can be read from the NVIDIA security bulletin.
Affected versions
GeForce Experience for Windows versions earlier than 3.20.4
More information and instructions for updating can be read from the NVIDIA security bulletin.
Labels:
geforce experience,
nvidia,
security,
security threat,
update,
vulnerability,
Windows
Mozilla Thunderbird Updated
Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.
Affected versions:
Mozilla Thunderbird versions earlier than 68.10.0
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Affected versions:
Mozilla Thunderbird versions earlier than 68.10.0
Fresh version can be obtained via inbuilt updater or by downloading from the product site.
Labels:
Mozilla,
security,
security threat,
thunderbird,
update,
vulnerability
Thursday, July 2, 2020
Mozilla Firefox New Version Released
Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.
Affected versions:
-Mozilla Firefox earlier than 78 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.10 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.
Affected versions:
-Mozilla Firefox earlier than 78 (advisory)
-Mozilla Firefox ESR 68.x earlier than 68.10 (advisory)
Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.
Labels:
Firefox,
Mozilla,
security,
security threat,
update,
vulnerability,
Windows
Subscribe to:
Posts (Atom)