Monday, September 28, 2020

VMware Horizon DaaS Updated


VMware has released a new update to their Horizon DaaS software. The new version fixes a broken authentication vulnerability (CVE-2020-3977). Successful exploitation of this issue may allow an attacker to bypass the two-factor authentication process. To exploit the vulnerability, an attacker must have a legitimate account on Horizon DaaS.

Affected versions:
- Horizon DaaS 7.x & 8.x

For Horizon DaaS 8.x versions, 8.0.1 Update 1 fixes the issue.

More information is available in the corresponding advisory.

Mozilla Firefox Vulnerabilities Fixed

Mozilla have released updated versions of their Firefox web browser. The new versions fix security vulnerabilities.

Affected versions:
- Mozilla Firefox earlier than 81 (advisory)
- Mozilla Firefox ESR 78.x earlier than 78.3 (advisory)

The new version can be obtained via the built-in updater or by downloading the latest version from the product site.

Mozilla Thunderbird Updated

Mozilla have released updated versions of their Thunderbird email client containing fixes for security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.3 (advisory)

The new version can be obtained via the built-in updater or by downloading it from the product site.

Chrome Fixes Available

Google have released version 85.0.4183.121 of their Chrome web browser. In addition to other changes, 10 security vulnerabilities were fixed. More information about the changes can be found in the Google Chrome release blog.

Thursday, September 17, 2020

VMware Software Patches Available

VMware have released updated versions of their virtualization software that patch security vulnerabilities (CVE-2020-3976).

Affected versions:
- VMware Workstation Pro/Player 15.x for Windows (patch pending, check back with the advisory)
- VMware Fusion Pro / Fusion 11.x (patch pending, check back with the advisory)
- Horizon Client for Windows 5.x versions earlier than 5.4.4

More information is available in the VMware advisory here.

Adobe Media Encoder Updated

Adobe have released updated versions of their Media Encoder. The new versions fix three vulnerabilities categorized as important (CVE-2020-9739, CVE-2020-9744, CVE-2020-9745). The vulnerabilities could lead to information disclosure in the context of the current user.

Affected versions:
- Adobe Media Encoder versions earlier than 14.4

More information is available in the related security bulletin.

Saturday, September 12, 2020

Google Chrome Update Released

Google have released version 85.0.4183.102 of their Chrome web browser. The updated version contains fixes for five security vulnerabilities. More information about the changes can be found in the Google Chrome release blog.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix a bunch of vulnerabilities, some of which are categorized as critical. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser.

Affected versions:

Adobe Experience Manager
- 6.5.5.0 and earlier
- 6.4.8.1 and earlier
- 6.3.3.8 and earlier
- 6.2 SP1-CFP20 and earlier

AEM Forms add-on
- AEM Forms Service Pack 5 add-on package for AEM 6.5.5.0
- AEM Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 1 (6.4.8.1)

More information is available in Adobe's security advisory.

Adobe Framemaker Updated

Adobe has released an updated version of their Framemaker. The new version contains fixes for two critical security vulnerabilities (CVE-2020-9726, CVE-2020-9725). Successful exploitation of the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Versions 2019.0.6 and below for Windows are affected.

More information is available in Adobe's security advisory.

Adobe InDesign Update Available

Adobe have released an updated version of Adobe InDesign. The new update resolves critical vulnerabilities that could be abused to execute code remotely in the context of the current user.

Affected versions:
- Adobe InDesign earlier than 15.1.2

More information is available in Adobe's security bulletin.

Microsoft Security Updates For September 2020

Microsoft have released security updates for September 2020.

A summary of the updates is available here (filter by entering 08/12/2020 in the From field and 09/08/2020 in the To field).

Saturday, September 5, 2020

Latest PHP Versions Available

The PHP development team has released versions 7.4.10 and 7.3.22 of the PHP scripting language. The new versions contain bug fixes. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
- Version 7.4.10
- Version 7.3.22

Foxit PhantomPDF Update Available

Foxit Software has released version 9.7.3 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
- Foxit PhantomPDF 9.7.2.29539 and earlier (Windows)

More information is available here.

Foxit Studio Photo Updated

Foxit has released a new version of their Studio Photo application. Among other fixes, the updated version patches an information disclosure vulnerability (CVE-2020-17403/CVE-2020-17404). An attacker can leverage this vulnerability to execute code in the context of the current process.

Affected versions:
- 3.6.6.927 and earlier

More information is available here. The latest version can be downloaded here.