Sunday, December 27, 2020

HPE Systems Insight Manager Vulnerability

A critical vulnerability (CVE-2020-7200) has been found in Hewlett Packard Enterprise (HPE) Systems Insight Manager software. By exploiting the vulnerability it may be possible to run arbitrary code on a vulnerable system.

Affected versions
HPE Systems Insight Manager (SIM) 7.6.x for Windows

Currently there is no patch available. HPE has published a workaround that can be used until a new software version is available. Instructions are available in the HPE support article here.


Mozilla Firefox Updated

Mozilla have released new versions of the Firefox web browser. The new versions fix multiple security vulnerabilities.

Affected versions
- Firefox earlier than 84 (advisory)
- Firefox ESR 78.x earlier than 78.6 (advisory)

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes for multiple security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.6 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

Tuesday, December 22, 2020

Foxit Reader And Foxit PhantomPDF Updated

Foxit Software has released version 10.1.1 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
- Foxit Reader 10.1.0.37527 and earlier (Windows)
- Foxit PhantomPDF 10.1.0.37527 and earlier (Windows)

More information can be read here.

Sunday, December 13, 2020

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a vulnerability (CVE-2020-29075) in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerability could lead to information disclosure in the context of the current user.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: versions earlier than 2020.013.20074
- Acrobat 2020 and Acrobat Reader 2020, 2020 classic track: versions earlier than 2020.001.30018
- Acrobat 2017 and Acrobat Reader 2017, 2017 classic track: versions earlier than 2017.011.30188


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat


More information about the fixed vulnerability can be read in Adobe's security bulletin.

Adobe Lightroom Updated

Adobe have released a security update to fix a critical vulnerability (CVE-2020-24447) in Adobe Lightroom Classic. Exploiting the vulnerability could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Lightroom Classic earlier than 10.1


Users of vulnerable versions are instructed to update their versions by using the Creative Cloud desktop app's update functionality (help).

More information about the fixed vulnerability can be read in Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix two vulnerabilities, one of which is categorized as critical (CVE-2020-24445) and the other as important (CVE-2020-24444). Successful exploitation of the critical vulnerability could result in arbitrary JavaScript execution in the browser.

Affected versions

Adobe Experience Manager
- 6.5.6.0 and earlier
- 6.4.8.2 and earlier
- 6.3.3.8 and earlier
- 6.2 SP1-CFP20 and earlier

AEM Forms add-on
- AEM Forms Service Pack 6 add-on package for AEM 6.5.6.0
- AEM Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2)

More information is available in Adobe's security advisory.

Adobe Prelude Update Available

Adobe have released an update to patch a critical vulnerability (CVE-2020-24440) in their Prelude application. The vulnerability may allow arbitrary code execution on a vulnerable system in the context of the current user.

Affected versions:
- Adobe Prelude earlier than version 9.0.2

More information in the related security bulletin here.

Microsoft Security Updates For December 2020

Microsoft have released security updates for December 2020.

Release notes of the updates can be viewed here.

Tuesday, December 8, 2020

New iCloud Version For Windows Released

Apple have released an updated version of their iCloud client for Windows. The new version fixes security vulnerabilities.

iCloud for Windows 11.5 is available via Windows Store.

More information about the security content of the new version can be read in the corresponding security advisory.

iTunes 12.11 For Windows Released

Apple have released version 12.11 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.11 can be read in the related security advisory.

Users of old versions should update to the latest one available.

Friday, December 4, 2020

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing a fix for a stack overflow vulnerability (CVE-2020-26970).

Affected versions:
- Mozilla Thunderbird earlier than 78.5.1 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

Google Chrome updated

Google have released version 87.0.4280.88 of Chrome for Windows, macOS and Linux. In addition to other changes, the new version contains fixes for eight security vulnerabilities.

More information can be read on the Google Chrome releases blog.