Saturday, October 24, 2020

VMware Horizon Server and VMware Horizon Client For Windows Updated

VMware has released updates to VMware Horizon Server and VMware Horizon Client for Windows. The new versions fix Cross-Site Scripting (XSS) (CVE-2020-3997) and information disclosure (CVE-2020-3998) vulnerabilities.

Affected versions
-VMware Horizon Server 7.x versions earlier than 7.10.3 or 7.13.0
-VMware Horizon Client for Windows versions earlier than 5.5.0

More information in the VMware security advisory.


Security Updates To NVIDIA GeForce Experience For Windows

NVIDIA has released an updated version of NVIDIA GeForce Experience for Windows. The update contains fixes for vulnerabilities (CVE-2020-5977, CVE-2020-5978, CVE-2020-5990) that, when exploited, may allow code execution, escalation of privileges, denial of service or information disclosure.

Affected versions
GeForce Experience for Windows versions earlier than 3.20.5.70.

Download the updates from the GeForce Experience Downloads page or open the client to automatically apply the security update.

More information can be read in the NVIDIA security bulletin.


VMware Vulnerability Fixes Available

VMware have released updated versions of their virtualization software that patch security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995).

Affected versions:
-VMware ESXi 7.0 without ESXi_7.0.1-0.0.16850804
-VMware ESXi 6.7 without ESXi670-202010401-SG update
-VMware ESXi 6.5 without ESXi650-202010401-SG update
-VMware Cloud Foundation (ESXi) 4.x earlier than 4.1
-VMware Cloud Foundation (ESXi) 3.x earlier than 3.10.1.1
-VMware Workstation Pro/Player 15.x for Windows (patch pending; check the advisory for updates)
-VMware Fusion Pro / Fusion 11.x earlier than 11.5.6
-NSX-T 3.x earlier than 3.0.2
-NSX-T 2.5.x earlier than 2.5.2.2.0
-VMware Cloud Foundation (NSX-T) 4.x earlier than 4.1
-VMware Cloud Foundation (NSX-T) 3.x earlier than 3.10.1.1


More information in the VMware advisory here.

Friday, October 23, 2020

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
Mozilla Thunderbird versions earlier than 78.4 

The new version can be obtained via the built-in updater or by downloading it from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 82 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.4 (advisory)

The new version can be obtained via the built-in updater or by downloading it (latest version) from the product site.

Google Chrome Vulnerabilities Fixed

Google have released version 86.0.4240.111 of their Chrome web browser for Windows, Mac and Linux. In addition to other changes, five security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Oracle Critical Patch Update For Q4 of 2020

Oracle have released updates for their products that fix 402 security issues in total (including eight Java fixes). The updates are part of Oracle's quarterly critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in January 2021.

Tuesday, October 20, 2020

VMware Horizon Client For Windows Fixed

VMware have released an updated version (5.5.0) of Horizon Client for Windows that patches one denial-of-service vulnerability (CVE-2020-3991) categorized as moderate.

Affected versions:
-Horizon Client for Windows 5.x and earlier

More information in the VMware advisory here.

Magento Vulnerabilities Fixed

Magento has released updates for Magento Commerce and Open Source editions. The new versions fix a number of vulnerabilities, many of them critical, that may allow arbitrary code execution.

Affected versions
Magento Commerce 2.3.5-p1 and earlier versions
Magento Commerce 2.3.5-p2 and earlier versions
Magento Commerce 2.4.0 and earlier versions
Magento Open Source 2.3.5-p1 and earlier versions
Magento Open Source 2.3.5-p2 and earlier versions
Magento Open Source 2.4.0 and earlier versions

More information in the corresponding security bulletin.

Thursday, October 15, 2020

Vulnerabilities In Acronis Backup Software

Privilege escalation vulnerabilities (CVE-2020-10138, CVE-2020-10139 and CVE-2020-10140) have been found in Acronis True Image, Cyber Backup and Cyber Protect backup software. By exploiting the vulnerabilities, an unprivileged Windows user is able to run arbitrary code with SYSTEM privileges.

Affected versions
Acronis True Image 2021 earlier than build 32010
Acronis Cyber Backup 12.5 earlier than build 16363
Acronis Cyber Protect 15 earlier than build 24600


More information here.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain a fix for a critical vulnerability (CVE-2020-9746). By exploiting the vulnerability, an attacker may be able to execute arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 32.0.0.433 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.445

- Users of Adobe Flash Player 32.0.0.433 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.445

- Users of Adobe Flash Player 32.0.0.433 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.445

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read in Adobe's security bulletin.

Microsoft Security Updates For October 2020

Microsoft have released security updates for October 2020.

A summary of the updates is available here (filter by entering 09/07/2020 in the From field and 10/13/2020 in the To field).

Thursday, October 8, 2020

Google Chrome Updated

Google have released version 86.0.4240.75 of their Chrome web browser for Windows, Mac and Linux. In addition to other changes, 35 security vulnerabilities were fixed. More information about the changes can be viewed in the Google Chrome release blog.

Friday, October 2, 2020

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 10.1 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit Reader 10.0.1.35811 and earlier (Windows)
Foxit PhantomPDF 10.0.1.35811 and earlier (Windows)

More information can be read here.

Updated Version Of Foxit 3D Plugin Beta Available

Foxit Software has released a new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contains a fix for a security vulnerability which may lead to information disclosure or remote code execution.

Affected versions:
3D Plugin 10.0.1.35811 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

New PHP versions available

The PHP development team has released versions 7.4.11, 7.3.23 and 7.2.34 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

New iCloud Versions For Windows Released

Apple have released new versions of their iCloud client for Windows. New versions fix security vulnerabilities.

iCloud for Windows 11.4 is for Windows 10 and later and is available via the Windows Store. iCloud for Windows 7.21 is available for Windows 7 and later.

More information about the security content of the new versions can be read in the corresponding security advisories:
-iCloud 11.4
-iCloud 7.21