Friday, December 17, 2021

Google Chrome New Update Available

Google have released version 96.0.4664.110 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to five security vulnerabilities.

More information can be read from Google Chrome releases blog.

Adobe Premiere Rush Updated

Adobe have released an update to patch a bunch of vulnerabilities in Premiere Rush application. The vulnerabilities may allow arbitrary code execution in the context of the current user in the vulnerable system.

Affected versions:
Adobe Premiere Rush earlier than 1.5.16 version for Windows

More information in the related security bulletin here.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix a bunch of vulnerabilities of which six categorized as critical (CVE-2021-43761, CVE-2021-40722, CVE-2021-43764, CVE-2021-43765, CVE-2021-44176, CVE-2021-44177) and two categorized as important (CVE-2021-43762, CVE-2021-44178). Successful exploitation of these could result in arbitrary code execution or security feature bypass.

Affected versions
Adobe Experience Manager (AEM)
- AEM Cloud Service (CS)
- 6.5.10.0 and earlier

More information from the Adobe's security advisory.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves one important (CVE-2021-43014) categorized vulnerability. Successful exploitation could lead to arbitrary file system write.

Affected versions:
- Adobe Connect earlier than 11.4

More information can be read from Adobe's security bulletin.

Adobe Photoshop Vulnerabilities Fixed

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve security vulnerabilities of which some could lead to arbitrary code execution in the context of the current user.

Affected versions on Windows and macOS:
- Adobe Photoshop 2022 versions 23.x earlier than 23.1
- Adobe Photoshop 2021 versions 22.x earlier than 22.5.4

Instructions for updating are given in related security bulletin.

Adobe Prelude Update Available

Adobe have released an update to patch one critical (CVE-2021-43754) and one important (CVE-2021-44696) categorized vulnerability in their Prelude application. The vulnerability may allow arbitrary code execution in vulnerable system in the context of the current user.

Affected versions:
Adobe Prelude earlier than 22.1.1 version on Windows

More information in the related security bulletin here.

Adobe After Effects Updated

Adobe have released an update to patch critical vulnerabilities in their After Effects application. The vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
- Adobe After Effects earlier than 22.1.1 version on Windows and macOS
- Adobe After Effects earlier than 18.4.3 version on Windows and macOS

More information in security bulletin.

New Adobe Dimension Version Released

Adobe have released an updated version of their Adobe Dimension. The new version fixes vulnerabilities of which some may allow arbitrary code execution in the context of the current user.

Affected versions
Adobe Dimension earlier than 3.4.4 version on Windows and macOS

More information in the correspondent security bulletin.

Adobe Premiere Pro Updated

Adobe have released an update to patch vulnerabilities in their Premiere Pro application. Five vulnerabilities, one critical and four moderate, were fixed. By exploiting the critical one (CVE-2021-40795) it may be possible to execute arbitrary code in vulnerable system.

Affected versions:
-Adobe Premiere Pro earlier than 22.1.1 version on Windows and macOS
-Adobe Premiere Pro earlier than 15.4.3 version on Windows and macOS

More information in the related security bulletin here.

Adobe Media Encoder Updated

Adobe have released updated versions of their Media Encoder. The new versions fix two critical and three moderate vulnerabilities. Exploiting the critical vulnerabilities it may be possible to execute arbitrary code in the target system.

Affected versions:
- Adobe Media Encoder versions earlier than 15.4.3 on Windows and macOS
- Adobe Media Encoder versions earlier than 22.1.1 on Windows and macOS

More information in related security bulletin.

Adobe Lightroom Updated

Adobe have released security update to fix a privilege escalation vulnerability (CVE-2021-43753) in Adobe Lightroom.

Affected versions:
*Lightroom earlier than 5.1 on Windows

Users of vulnerable versions are instructed to update their versions by using the Creative Cloud desktop app's update functionality (help).

More information about fixed vulnerability can be read from Adobe's security bulletin.

Adobe Audition Updated

Adobe have released an update to patch critical vulnerabilities in their Adobe Audition application. The vulnerabilities (CVE-2021-44697, CVE-2021-44698, CVE-2021-44699) may lead to privilege escalation.

Affected versions:
Adobe Audition 22.0 and earlier versions for Windows and macOS
Adobe Audition 14.4 and earlier versions for Windows and macOS

More information in the related security bulletin.

Microsoft Security Updates For December 2021

Microsoft have released security updates for December 2021.

Release notes of the updates can be viewed here.

Thursday, December 9, 2021

Google Chrome Vulnerabilities Fixed

Google have released version 96.0.4664.93 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 22 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 91.4.0 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 95 (advisory)
-Mozilla Firefox ESR 91.x earlier than 91.4.0 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Saturday, November 20, 2021

Google Chrome updated

Google have released version 96.0.4664.45 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 25 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Saturday, November 13, 2021

New WordPress Version Released

There has been released a new version of WordPress (blogging tool and content management system) which contains also patches to three security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.8.2

More information can be read from the WordPress blog.

New iCloud Version For Windows Released

Apple have released new version of their iCloud client for Windows. New version fix security vulnerabilities.

iCloud for Windows 13 is for Windows 10 and later and is available via Windows Store.

More information about the security content of the new version can be read from the correspondent security advisory.

RoboHelp Server Update Available

Adobe has released an updated version of their RoboHelp Server for Windows. The new version fixes a critical arbitrary code execution vulnerability (CVE-2021-42727).

Affected versions:
-RHS2020.0.1 and earlier

More information can be read here.

Vulnerability Fixed In Adobe InCopy

Adobe have released a new version of their Adobe InCopy on Windows and macOS. The new version fixes a security vulnerability (CVE-2021-43015) that may allow arbitrary code execution and another vulnerability (CVE-2021-43016) that may cause application denial of service.

Affected versions and solutions
- Adobe InCopy 16.4 and earlier versions

More information can be read from Adobe security bulletin.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix a vulnerability (CVE-2021-43017) in their Creative Cloud Desktop Application for macOS.

Affected versions:
Creative Cloud Desktop Application 5.5 and earlier versions for macOS

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For November 2021

Microsoft have released security updates for November 2021.

Release notes of the updates can be viewed here.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 91.3 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 94 (advisory)
-Mozilla Firefox ESR 91.x earlier than 91.3 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Thursday, November 4, 2021

New PHP versions available

PHP development team has released 8.0.12, 7.4.25 and 7.3.32 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Tuesday, November 2, 2021

Vulnerabilities Fixed In New Chrome Version

Google have released a new version 95.0.4638.69 of their Chrome web browser for Windows, macOS and Linux. Among other changes the new version fixes eight security vulnerabilities. Google says that two (CVE-2021-38000 and CVE-2021-38003) of those have exploits in the wild.

More information on Google Chrome releases blog.

Friday, October 22, 2021

New Google Chrome Version Released

Google have released version 95.0.4638.54 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 19 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Oracle Critical Patch Update For Q4 of 2021

Oracle have released updates for their products that fix 419 security issues (including 15 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

The next Oracle CPU is planned to be released in January 2022.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 21.007.20099

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 20.004.30017

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 17.011.30204


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about fixed vulnerability can be read from Adobe's security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves one critical (CVE-2021-40719) and one important (CVE-2021-40721) categorized vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected versions:
- Adobe Connect earlier than 11.2.3

More information can be read from Adobe's security bulletin.

Adobe Reader Mobile Vulnerability Fixed

Adobe has released an update for its Adobe Reader Mobile for Android. The update fixes an arbitrary code execution vulnerability (CVE-2021-40724). Exploitation of the vulnerability may lead to information disclosure in the context of the current user.

Affected Versions
-Adobe Acrobat Reader for Android versions earlier than 21.9.0

More information available in Adobe security bulletin.

Adobe Commerce Vulnerabilities Fixed

Adobe has released updates for Adobe Commerce and Magento Open Source editions. The new versions fix an important categorized vulnerablity (CVE-2021-39864) which may lead to security feature bypass.

Affected versions
Adobe Commerce 2.4.2-p2 and earlier versions
Adobe Commerce 2.4.3 and earlier versions
Adobe Commerce 2.3.7-p1 and earlier versions
Magento Open Source 2.4.2-p2 and earlier versions
Magento Open Source 2.4.3 and earlier versions
Magento Open Source 2.3.7-p1 and earlier versions

More information in the correspondent security bulletin.

Critical Vulnerability Fixed In Adobe Campaign Standard

Adobe have released a new version of their Adobe Campaign Standard on Windows and Linux. The new version fixes a security vulnerability (CVE-2021-40744) that may result in arbitrary code execution.

Affected versions and solutions
- Adobe Campaign Standard 21.2.1 (and earlier versions) should update to version 21.3

More information can be read from Adobe security bulletin.

Saturday, October 16, 2021

Microsoft Security Updates For October 2021

Microsoft have released security updates for October 2021.

Release notes of the updates can be viewed here.

Monday, October 11, 2021

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 93 (advisory)
-Mozilla Firefox ESR 91.x earlier than 91.2 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.15 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Wednesday, October 6, 2021

Vulnerabilities In Corel Products For Windows

FortiGuard Labs have disclosed multiple (15) critical zero-day vulnerabilities in several Corel products on Microsoft Windows 10.

Affected products
- Corel PDF Fusion version 2.6.2.0
- CorelDraw Standard 2020 versions 22.0.0.474
- Corel WordPerfect 2020 version 20.0.0.200
- Corel PhotoPaint Standard 2020 version 22.0.0.474
- Corel Presentations 2020 version 20.0.0.200

More information available in FortiGuard Labs blog post.

Google Chrome updated

Google have released version 94.0.4606.71 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to four security vulnerabilities.

More information can be read from Google Chrome releases blog.

Monday, October 4, 2021

New PHP versions available

PHP development team has released 8.0.11, 7.4.24 and 7.3.31 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Sunday, September 19, 2021

Updates To Adobe XMP-Toolkit-SDK Released

Adobe has released updates for XMP-Toolkit-SDK. Updates fix an important categorized vulnerability (CVE-2021-40716) which may lead to arbitrary file system read in the context of the current user.

Affected versions
-Adobe XMP-Toolkit-SDK versions earlier than 2021.08
 
More information in correspondent security bulletin.

Adobe Photoshop Vulnerability Fixed

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve a critical security vulnerability (CVE-2021-40709) that could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Adobe Photoshop 2020 versions 21.x earlier than 21.2.12
- Adobe Photoshop 2021 versions 22.x earlier than 22.5.1

Instructions for updating are given in related security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix vulnerabilities of which one categorized as critical (CVE-2021-40711) and three categorized as important (CVE-2021-40712, CVE-2021-40713, CVE-2021-40714). Successful exploitation of these could result in arbitrary code execution.

Affected versions
Adobe Experience Manager (AEM)
- AEM Cloud Service (CS)
- 6.5.9.0 and earlier

More information from the Adobe's security advisory.

Adobe Genuine Service Updated

Adobe have released security updates to fix a vulnerability (CVE-2021-40708) in their Genuine Service. The vulnerability could lead to privilege escalation in the context of the current user.

Affected versions:
Adobe Genuine Service earlier than 7.4 on Windows and macOS


Adobe Genuine Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.


More information about fixed vulnerability can be read from Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The updated version contains fixes to three vulnerabilities (CVE-2021-39826, CVE-2021-39827, CVE-2021-39828).

Affected versions are Adobe Digital Editions earlier than 4.5.11.187658 version on macOS.

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe Premiere Elements Fixed

Adobe have released an update to patch vulnerabilities in Premiere Elements. The vulnerabilities may lead to arbitrary code execution in the context of the current user in the vulnerable system.

Affected versions:
Adobe Premiere Elements earlier than 2021 [build 19.0 (20210809.daily.2242976)] version for Windows and macOS

More information in the related security bulletin here.

Adobe Photoshop Elements Vulnerability Fixed

Adobe have released an update to patch a critical vulnerability (CVE-2021-39825) in Photoshop Elements. The vulnerability may lead to arbitrary code execution in the context of the current user in the vulnerable system.

Affected versions:
Adobe Photoshop Elements earlier than 2021 [build 19.0 (20210811.m.158081)] version for Windows and macOS

More information in the related security bulletin here.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix a vulnerability (CVE-2021-28613) in their Creative Cloud Desktop Application for macOS.

Affected versions:
Creative Cloud Desktop Application 5.4 and earlier versions for macOS

More information can be read from Adobe's security bulletin.

Adobe ColdFusion Updated

Adobe have released updated version of ColdFusion web application development platform. This fix resolves two critical categorized (CVE-2021-40698, CVE-2021-40699) vulnerabilities that may lead to a security feature bypass.

Affected versions:
- ColdFusion (2021 release): version 1 and earlier versions
- ColdFusion (2018 release): update 11 and earlier versions

More information can be read from Adobe's security bulletin.

Adobe Framemaker Vulnerabilities Fixed

Adobe has released an updated version of their Framemaker. New version contains fixes to security vulnerabilities of which some (CVE-2021-39829, CVE-2021-39830, CVE-2021-39831, CVE-2021-39832) critical. Successful exploitation of these could lead to arbitrary code execution in the context of the current user.

Affected versions
-Framemaker 2019 release for Windows without update 8 (hotfix)
-Framemaker 2020 release for Windows without update 3

More information from the Adobe's security advisory.

Adobe InDesign Update Available

Adobe have released updated version of Adobe InDesign. The new update resolves critical vulnerabilities (CVE-2021-39820, CVE-2021-39821, CVE-2021-39822) that could be abused to execute code remotely in the context of the current user.

Affected versions:
- Adobe InDesign earlier than 16.4 for Windows and macOS

More information can be read from Adobe's security bulletin.

Vulnerabilities Fixed In Adobe InCopy

Adobe have released a new version of their Adobe InCopy on Windows. The new version fixes a security vulnerability (CVE-2021-39818) that may allow arbitrary code execution in the context of the current user and another vulnerability (CVE-2021-39819) that may allow arbitrary file system write.

Affected versions and solutions
- Adobe InCopy 16.3 and earlier versions for Windows
- Adobe InCopy 16.3.1 and earlier versions for macOS

More information can be read from Adobe security bulletin.

Saturday, September 18, 2021

Adobe Premiere Pro Fixed

Adobe have released an update to patch vulnerabilities in their Premiere Pro application. The vulnerabilities (CVE-2021-40710, CVE-2021-40715) may allow arbitrary code execution in vulnerable system.

Affected versions:
Adobe Premiere Pro earlier than 15.4.1 version for Windows

More information in the related security bulletin here.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2021.007.20091

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.004.30015

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30202


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about fixed vulnerability can be read from Adobe's security bulletin.

Microsoft Security Updates For September 2021

Microsoft have released security updates for September 2021.

Release notes of the updates can be viewed here.

Google Chrome updated

Google have released version 93.0.4577.82 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 11 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Monday, September 13, 2021

New WordPress Version Released

There has been released a new version of WordPress (blogging tool and content management system) which contains also patches to three security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.8.1

More information can be read from the WordPress blog.

New Mozilla Thunderbird Version Released

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 91.1 (advisory)
- Mozilla Thunderbird earlier than 78.14 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Microsoft MSHTML Vulnerability

Microsoft is investigating reports of a remote code execution vulnerability (CVE-2021-40444) in MSHTML that affects Microsoft Windows. 

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.

At the moment there's no patch available against the vulnerability. Information about mitigations and workarounds can be read here.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 92 (advisory)
-Mozilla Firefox ESR 91.x earlier than 91.1 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.14 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Monday, September 6, 2021

New Google Chrome Version Released

Google have released version 93.0.4577.63 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 27 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Wednesday, August 18, 2021

New iCloud Version For Windows Released

Apple have released new version of their iCloud client for Windows. New version fix security vulnerabilities.

iCloud for Windows 12.5 is for Windows 10 and later and is available via Windows Store.

More information about the security content of the new version can be read from the correspondent security advisory.

Mozilla Products Updated

Mozilla has released updated versions of their Firefox web browser and Thunderbird email client. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 91.0.1
-Mozilla Thunderbird earlier than 91.0.1

More information in related security advisory.

Adobe Captivate Hotfix Available

Adobe have released a security hotfix for Adobe Captivate for macOS. The fix addresses a privilege escalation vulnerability (CVE-2021-36002).

Affected versions and solution
Users of Adobe Captivate 2019 11.5.5 and earlier should install the hotfix

More information can be read from Adobe's security bulletin.

Updates To Adobe XMP-Toolkit-SDK Released

Adobe has released updates for XMP-Toolkit-SDK. Updates fix multiple critical and important categorized vulnerabilities of which some may allow an attacker to execute arbitrary code in the context of the current user.

Affected versions
-Adobe XMP-Toolkit-SDK versions earlier than 2021.07
 
More information in correspondent security bulletin.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve two critical security vulnerabilities (CVE-2021-36065, CVE-2021-36066) that could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Adobe Photoshop 2020 versions 21.x earlier than 21.2.10
- Adobe Photoshop 2021 versions 22.x earlier than 22.4.3

Instructions for updating are given in related security bulletin.

Adobe Bridge Updated

Adobe Bridge has received a new version. This new version resolves critical vulnerabilities which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 11.1 and earlier versions for Windows

Solution:
- Update to Adobe Bridge 11.1.1 or 10.1.3


More information can be read from Adobe's security bulletin.

Adobe Media Encoder Updated

Adobe have released updated versions of their Media Encoder. The new versions fix one critical categorized vulnerability (CVE-2021-36070). Exploiting the vulnerability it may be possible to execute arbitrary code in the target system.

Affected versions:
- Adobe Media Encoder versions earlier than 15.4.1

More information in related security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves important categorized vulnerabilities (CVE-2021-36061, CVE-2021-36062, CVE-2021-36063). Successful exploitation could lead to arbitrary code execution or security feature bypass.

Affected versions:
- Adobe Connect earlier than 11.2.2

More information can be read from Adobe's security bulletin.

Magento Vulnerabilities Fixed

Magento has released updates for Adobe Commerce and Open Source editions. The new versions fix a bunch of vulnerabilities of which many critical and that may allow arbitrary code execution.

Affected versions
Adobe Commerce 2.4.2 and earlier versions
Adobe Commerce 2.4.2-p1 and earlier versions
Adobe Commerce 2.3.7 and earlier versions
Magento Open Source 2.4.2-p1 and earlier versions
Magento Open Source 2.3.7 and earlier versions

More information in the correspondent security bulletin.

Microsoft Security Updates For August 2021

Microsoft have released security updates for August 2021.

Release notes of the updates can be viewed here.

Wednesday, August 11, 2021

New Mozilla Thunderbird Version Released

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.13 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 91 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.13 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Thursday, August 5, 2021

Foxit PDF Reader And Foxit PDF Editor Updated

Foxit Software has released version 11.0.1 of their Foxit PDF Reader and Foxit PDF Editor software for Windows. The new versions contain fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit PDF Reader (previously named Foxit Reader) 11.0.0.49893 and earlier (Windows)
Foxit PDF Editor (previously named Foxit PhantomPDF) 11.0.0.49893, 10.1.4.37651 and earlier (Windows)

More information can be read here.

New PHP versions available

PHP development team has released 8.0.9 and 7.4.22 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Friday, July 30, 2021

Google Chrome updated

Google have released version 92.0.4515.107 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 35 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Oracle Critical Patch Update For Q3 of 2021

Oracle have released updates for their products that fix 342 security issues (including six Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

The next Oracle CPU is planned to be released in October 2021.

Thursday, July 15, 2021

New Adobe Dimension Version Released

Adobe have released an updated version of their Adobe Dimension. The new version fixes a critical vulnerability (CVE-2021-28595) that may allow arbitrary code execution in the context of the current user.

Affected versions
Adobe Dimension 3.4 and earlier versions 

Solution
Update to Dimension 3.4.3 (or newer) version

More information in the correspondent security bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows. The new version fixes critical vulnerabilities (CVE-2021-28591, CVE-2021-28592) that may allow arbitrary code execution in the context of the current user. One important categorized vulnerability (CVE-2021-28593) was fixed, too.

Affected versions
Illustrator 2021 25.2.3 and earlier versions

Solution
Update to Illustrator 2021 25.3 (or newer) version

More information in the correspondent security bulletin.

Adobe Framemaker Updated

Adobe has released an updated version of their Framemaker. New version contains fix to a critical security vulnerability (CVE-2021-28596). Successful exploitation of the vulnerability could lead to arbitrary code execution in the context of the current user.

Affected versions
-Framemaker 2019 release for Windows without update 8
-Framemaker 2020 release for Windows without update 2

More information from the Adobe's security advisory.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2021.005.20058

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.004.30006

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30199


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about fixed vulnerability can be read from Adobe's security bulletin.

Adobe Bridge Updated

Adobe Bridge has received a new version. This new version resolves critical vulnerabilities which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 11.0.2 and earlier versions for Windows

Solution:
- Update to Adobe Bridge 11.1


More information can be read from Adobe's security bulletin.

VMware ThinApp Updated

VMware has released updated version of their ThinApp for Windows. The update fixes a DLL hijacking vulnerability (CVE-2021-22000).

Affected versions:
-VMware ThinApp 5.x earlier than 5.2.10

More information in related VMware advisory.

VMware ESXi Vulnerabilities Fixed

VMware has released updated versions of their virtualization software patching security vulnerabilities (CVE-2021-21994, CVE-2021-21995).

Affected versions:
-VMware ESXi 7.0 without ESXi70U2-17630552
-VMware ESXi 6.7 without ESXi670-202103101-SG update
-VMware ESXi 6.5 without ESXi650-202107401-SG update
-VMware Cloud Foundation (ESXi) 4.x, patch pending
-VMware Cloud Foundation (ESXi) 3.x earlier than 3.10.2

More information in related VMware advisory.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 90 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.12 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.12 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Microsoft Security Updates For July 2021

Microsoft have released security updates for July 2021.

Release notes of the updates can be viewed here.

New PHP versions available

PHP development team has released 8.0.8 and 7.4.21 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 8.0.8
Version 7.4.21

Wednesday, June 23, 2021

Google Chrome Vulnerabilities Fixed

Google have released version 91.0.4472.114 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to four security vulnerabilities.

More information can be read from Google Chrome releases blog.

Sunday, June 13, 2021

Google Chrome updated

Google have released version 91.0.4472.101 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 14 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves an important categorized vulnerability (CVE-2021-28579). Successful exploitation could lead to privilege escalation within the context of the victim's browser.

Affected versions:
- Adobe Connect earlier than 11.2.2

More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2021.005.20048

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.004.30005

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30197


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about fixed vulnerability can be read from Adobe's security bulletin.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve two critical security vulnerabilities (CVE-2021-28624, CVE-2021-28582) that could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Adobe Photoshop 2020 versions 21.x earlier than 21.2.9
- Adobe Photoshop 2021 versions 22.x earlier than 22.4.2

Instructions for updating are given in related security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix vulnerabilities of which three categorized as important (CVE-2021-28625, CVE-2021-28627, CVE-2021-28628) and one as moderate (CVE-2021-28626). Successful exploitation of the critical vulnerability could result in arbitrary JavaScript execution in the browser.

Affected versions
Adobe Experience Manager (AEM)
- AEM Cloud Service (CS)
- 6.5.8.0 and earlier

More information from the Adobe's security advisory.

Adobe Creative Cloud Desktop Application Installer Updated

Adobe has released a security update to fix two vulnerabilities in their Creative Cloud Desktop Application for Windows and macOS. Critical vulnerability (CVE-2021-28594) may allow an attacker to execute arbitrary code in the context of current user. The important categorized one (CVE-2021-28633) may allow arbitrary file system write.

Affected versions:
Creative Cloud Desktop Application installer earlier than 2.5 for Windows and macOS

More information can be read from Adobe's security bulletin.

Adobe RoboHelp Server Vulnerability Fixed

Adobe has released an updated version of their RoboHelp Server for Windows. The new version fixes an arbitrary code execution vulnerability (CVE-2021-28588).

Affected versions:
-RoboHelp Server earlier than 2020.0.1 version

More information can be read here.

Adobe Photoshop Elements Installer Fixed

Adobe have released an update to patch an important categorized vulnerability in Photoshop Elements installer. The vulnerability (CVE-2021-28597) may lead to privilege escalation in the context of the current user in the vulnerable system.

Affected versions:
Adobe Photoshop Elements installer earlier than 5.3 version for Windows

More information in the related security bulletin here.

Adobe Premiere Elements Installer Fixed

Adobe have released an update to patch an important categorized vulnerability in Premiere Elements installer. The vulnerability (CVE-2021-28623) may lead to privilege escalation in the context of the current user in the vulnerable system.

Affected versions:
Adobe Premiere Elements installer earlier than 5.3 version for Windows

More information in the related security bulletin here.

Adobe After Effects Updated

Adobe have released an update to patch critical vulnerabilities in their After Effects application. The vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
Adobe After Effects earlier than 18.2.1 version

More information in security bulletin.

Adobe Animate Updated

Adobe have released an updated version of their Adobe Animate. The new version fixes vulnerabilities of which some could allow arbitrary code execution in the context of the current user.

Affected versions
Adobe Animate earlier than 21.0.7

More information in the correspondent bulletin.

Microsoft Security Updates For June 2021

Microsoft have released security updates for June 2021.

Release notes of the updates can be viewed here.

Monday, June 7, 2021

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.11 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 89 (advisory
-Mozilla Firefox ESR 78.x earlier than 78.11 (advisory)
-Mozilla Firefox for iOS earlier than 34 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

New PHP versions available

PHP development team has released 8.0.7 and 7.4.20 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Thursday, May 27, 2021

Google Chrome updated

Google have released version 91.0.4472.77 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 32 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.10.2 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Friday, May 14, 2021

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. Updates fix two vulnerabilities of which one is categorized as critical (CVE-2021-21084) and the other as important (CVE-2021-21083). Successful exploitation of the critical vulnerability could result in arbitrary JavaScript execution in the browser.

Affected versions
Adobe Experience Manager (AEM)
- AEM Cloud Service (CS)
- 6.5.7.0 and earlier
- 6.4.8.3 and earlier
- 6.3.3.8 and earlier

More information from the Adobe's security advisory.

Adobe InDesign Update Available

Adobe have released updated version of Adobe InDesign. The new update resolves critical vulnerabilities (CVE-2021-21098, CVE-2021-21099, CVE-2021-21043) that could be abused to execute code remotely in the context of the current user.

Affected versions:
- Adobe InDesign earlier than 16.2.1

More information can be read from Adobe's security bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows. The new version fixes critical vulnerabilities that may allow arbitrary code execution in the context of the current user.

Affected versions
Illustrator 2021 earlier than version 25.2.3

More information in the correspondent security bulletin.

Vulnerability Fixed In Adobe InCopy

Adobe have released a new version of their Adobe InCopy on Windows. The new version fixes a security vulnerability (CVE-2021-21090) that may allow arbitrary code execution in the context of the current user.

Affected versions and solutions
- Adobe InCopy 16.0 and earlier versions

More information can be read from Adobe security bulletin.

Adobe Genuine Service Updated

Adobe have released security updates to fix a vulnerability (CVE-2021-28547) in their Genuine Service. The vulnerability could lead to privilege escalation in the context of the current user.

Affected versions:
Adobe Genuine Service earlier than 7.3 on Windows and macOS


Adobe Genuine Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.


More information about fixed vulnerability can be read from Adobe's security bulletin.

Magento Vulnerabilities Fixed

Magento has released updates for Magento Commerce and Open Source editions. The new versions fix a bunch of vulnerabilities of which many critical and that may allow arbitrary code execution.

Affected versions
Magento Commerce 2.4.2 and earlier versions
Magento Commerce 2.4.1-p1 and earlier versions
Magento Commerce 2.3.6-p1 and earlier versions
Magento Open Source 2.4.2 and earlier versions
Magento Open Source 2.4.1-p1 and earlier versions
Magento Open Source 2.3.6-p1 and earlier versions

More information in the correspondent security bulletin.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix a vulnerability (CVE-2021-28581) in their Creative Cloud Desktop Application for Windows.

Affected versions:
Creative Cloud Desktop Application 5.3 and earlier versions for Windows

More information can be read from Adobe's security bulletin.

Adobe Media Encoder Updated

Adobe have released updated versions of their Media Encoder. The new versions fix one important categorized vulnerability (CVE-2021-28569).

Affected versions:
- Adobe Media Encoder versions earlier than 15.2

More information in related security bulletin.

Adobe After Effects Updated

Adobe have released an update to patch critical vulnerabilities in their After Effects application. The vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
Adobe After Effects earlier than 18.2 version

More information in security bulletin.

Adobe Medium Updated

Adobe have released an updated version of their Adobe Medium. The new version fixes a critical vulnerability (CVE-2021-28580) that could allow arbitrary code execution in the context of the current user.

Affected versions
Adobe Medium earlier than 2.4.5.332

More information in the correspondent bulletin.

Adobe Animate Updated

Adobe have released an updated version of their Adobe Animate. The new version fixes vulnerabilities of which some could allow arbitrary code execution in the context of the current user.

Affected versions
Adobe Animate earlier than 21.0.6

More information in the correspondent bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user. One (CVE-2021-28550) of the fixed vulnerabilities has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2021.001.20155

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.001.30025

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30196


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about fixed vulnerability can be read from Adobe's security bulletin.

Microsoft Security Updates For May 2021

Microsoft have released security updates for May 2021.

Release notes of the updates can be viewed here.

Google Chrome updated

Google have released version 90.0.4430.212 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 19 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Monday, May 10, 2021

Mozilla Thunderbird Updated

Mozilla have released updated versions of their Thunderbird email client containing a fix to a security vulnerability (CVE-2021-29951).

Affected versions (note: only Windows operating systems older than Win 10 build 1709 are affected):
- Mozilla Thunderbird earlier than 78.10.1 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Vulnerabilities Fixed

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 88.0.1 (advisory
-Mozilla Firefox ESR 78.x earlier than 78.10.1 (advisory

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Thursday, May 6, 2021

Foxit Reader And Foxit PhantomPDF Updated

Foxit Software has released version 10.1.4 of their Foxit Reader and Foxit PhantomPDF software for Windows. The new versions contain fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit Reader 10.1.3.37598 and earlier (Windows)
Foxit PhantomPDF 10.1.3.37598 and all previous 10.x versions, 9.7.5.29616 and earlier (Windows)

More information can be read here.

Updated Version Of Foxit 3D Plugin Beta Available

Foxit Software has released a new version (10.1.4.37623) of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contains a fix for a security vulnerability which may lead to information disclosure or remote code execution.

Affected versions:
3D Plugin Beta 10.1.3.37598 and all previous 10.x versions, 9.7.4.29600 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

NVIDIA GPU Display Driver Updates

NVIDIA has released a security update for NVIDIA GPU Display Driver for Windows and Linux. The update contains fixes to multiple vulnerabilities that may lead to code execution, denial of service, escalation of privileges, and information disclosure.

More information can be read from the related security bulletin.

Wednesday, May 5, 2021

New iCloud Version For Windows Released

Apple have released new version of their iCloud client for Windows. New version fix security vulnerabilities.

iCloud for Windows 12.3 is for Windows 10 and later and is available via Windows Store.

More information about the security content of the new version can be read from the correspondent security advisory.

ITunes 12.11.3 For Windows Released

Apple have released version 12.11.3 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.11.3 can be read from related security advisory.

Users of old versions should update to the latest one available.

Friday, April 23, 2021

Vulnerability In MySQL For Windows

There has been found a security vulnerability in MySQL for Windows. The vulnerability is a privilege escalation type of vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files.

By placing a specially-crafted openssl.cnf in a C:\build_area subdirectory, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable MySQL software installed.

This vulnerability is addressed in the MySQL Windows installer version 8.0.24 and 5.7.34.

More information can be read here.

Google Chrome updated

Google have released version 90.0.4430.85 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to seven security vulnerabilities of which one (CVE-2021-21224) is exploited in the wild.

More information can be read from Google Chrome releases blog.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.10 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 88 (advisory
-Mozilla Firefox ESR 78.x earlier than 78.10 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Oracle Critical Patch Update For Q2 of 2021

Oracle have released updates for their products that fix 390 security issues (including four Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

The next Oracle CPU is planned to be released in July 2021.

Friday, April 16, 2021

New Google Chrome Version Available

Google have released a version 90.0.4430.72 of their Chrome web browser. In addition to other changes 37 security vulnerabilities were fixed. 

More information about changes can be viewed in Google Chrome release blog.

New WordPress Version Released

There has been released a new version of WordPress (blogging tool and content management system) which contains also patches to two security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.7.1

More information can be read from the WordPress blog.

Google Chrome updated

Google have released version 89.0.4389.128 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to two security vulnerabilities.

More information can be read from Google Chrome releases blog.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve two critical security vulnerabilities (CVE-2021-28548, CVE-2021-28549) that could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Adobe Photoshop 2020 versions 21.x earlier than 21.2.7
- Adobe Photoshop 2021 versions 22.x earlier than 22.3.1

Instructions for updating are given in related security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The updated version contains fix to one privilege escalation vulnerability (CVE-2021-21100).

Affected versions are Adobe Digital Editions earlier than 4.5.11.187606 version on macOS.

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe Bridge Updated

Adobe Bridge has received a new version. This new version resolves critical vulnerabilities which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 10.1.1 and earlier versions for Windows
- Adobe Bridge 11.0.1 and earlier versions for Windows

Solution:
- Update to Adobe Bridge 10.1.2
- Update to Adobe Bridge 11.0.2


More information can be read from Adobe's security bulletin.

RoboHelp Update Available

Adobe has released an updated version of their RoboHelp for Windows. The new version fixes a privilege escalation vulnerability (CVE-2021-21070).

Affected versions:
-RH2020.0.3 and earlier

More information can be read here.

Microsoft Security Updates For April 2021

Microsoft have released security updates for April 2021.

Release notes of the updates can be viewed here.

Monday, April 12, 2021

Mozilla Thunderbird Patch Available

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.9.1 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Friday, April 9, 2021

ClamAV Updated

There has been released a new version 0.103.2 of ClamAV which is an open source antivirus engine. Among other fixes the new version patches also security vulnerabilities including a privilege escalation vulnerability (CVE-2021-1386) related to UnRAR DLL. This correspondent vulnerability affects versions 0.103.1 and prior on Windows only.

More information in ClamAV blog.

Monday, March 29, 2021

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.9 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 87 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.9 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.https://www.firefox.com/

Adobe ColdFusion Updated

Adobe have released updated version of ColdFusion web application development platform. This fix resolves a moderate categorized (CVE-2021-21087) vulnerability that could lead to arbitrary code execution.

Affected versions:
- ColdFusion (2021 release): version 2021.0.0.323925
- ColdFusion (2018 release): update 10 and earlier versions
- ColdFusion (2016 release): update 16 and earlier versions

More information can be read from Adobe's security bulletin.

Friday, March 19, 2021

Google Chrome Vulnerabilities Fixed

Google has released version 89.0.4389.90 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to five security vulnerabilities.

More information can be read from Google Chrome releases blog.

Thursday, March 11, 2021

Adobe Animate Security Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Animate. The new version fixes a critical vulnerability (CVE-2021-21052) that could allow arbitrary code execution in the context of the current user. Also five important categorized information disclosure vulnerabilities (CVE-2021-21072, CVE-2021-21073, CVE-2021-21074, CVE-2021-21075, CVE-2021-21076).

Affected versions
Adobe Animate earlier than 21.0.4

More information in the correspondent bulletin.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve two critical security vulnerabilities (CVE-2021-21082, CVE-2021-21067) which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop 2020 versions 21.x earlier than 21.2.6
Adobe Photoshop 2021 versions 22.x earlier than 22.3

Instructions for updating are given in related security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves one critical improper input validation vulnerability (CVE-2021-21085) and three important categorized reflected cross-site scripting vulnerability (CVE-2021-21079, CVE-2021-21080, CVE-2021-21081). Successful exploitation could lead to arbitrary JavaScript execution within the context of the victim's browser.

Affected versions:
- Adobe Connect earlier than 11.2

More information can be read from Adobe's security bulletin.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix vulnerabilities in their Creative Cloud Desktop Application for Windows. Successful exploitation could lead to arbitrary file system write and privilege escalation in the context of the current user (CVE-2021-21068, CVE-2021-21078, CVE-2021-21069).

Affected versions:
Creative Cloud Desktop Application 5.3 and earlier versions for Windows

More information can be read from Adobe's security bulletin.

Adobe Framemaker Updated

Adobe has released an updated version of their Framemaker. New version contains fix to a critical security vulnerability (CVE-2021-21056). Successful exploitation of the vulnerability could lead to arbitrary code execution in the context of the current user.

Affected are versions 2019.0.8 and below for Windows.

More information from the Adobe's security advisory.

Microsoft Security Updates For March 2021

Microsoft have released security updates for March 2021.

Release notes of the updates can be viewed here.

Friday, March 5, 2021

Latest PHP Versions Available

PHP development team has released 8.0.3 and 7.4.16 versions of the PHP scripting language. New versions contain bug fixes. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Google Chrome updated

Google have released version 89.0.4389.72 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 47 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Friday, February 26, 2021

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.8 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 86 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.8 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Friday, February 12, 2021

Adobe Dreamweaver Updated

Adobe have released updated version of their Dreamweaver for Windows and macOS.  This update resolves an information disclosure vulnerability (CVE-2021-21055).

Affected versions:
- Adobe Dreamweaver 20.x versions earlier than 20.2.1
- Adobe Dreamweaver 21.x versions earlier than 21.1

More information can be read from Adobe's security bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows. The new version fixes two critical vulnerabilities (CVE-2021-21053, CVE-2021-21054) that may allow arbitrary code execution in the context of the current user.

Affected versions
Illustrator 2021 earlier than version 25.2

More information in the correspondent security bulletin.

Adobe Animate Updated

Adobe have released an updated version of their Adobe Animate. The new version fixes a critical vulnerability (CVE-2021-21052) that could allow arbitrary code execution in the context of the current user.

Affected versions
Adobe Animate earlier than 21.0.3

More information in the correspondent bulletin.

Adobe Photoshop Fixed

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a critical security vulnerabilities which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop 2020 versions 21.x earlier than 21.2.5
Adobe Photoshop 2021 versions 22.x earlier than 22.2


Instructions for updating are given in related security bulletin.

Magento Vulnerabilities Fixed

Magento has released updates for Magento Commerce and Open Source editions. The new versions fix a bunch of vulnerabilities of which many critical and that may allow arbitrary code execution.

Affected versions
Magento Commerce 2.4.1 and earlier versions
Magento Commerce 2.4.0-p1 and earlier versions
Magento Commerce 2.3.6 and earlier versions
Magento Open Source 2.4.1 and earlier versions
Magento Open Source 2.4.0-p1 and earlier versions
Magento Open Source 2.3.6 and earlier versions

More information in the correspondent security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2021.001.20135

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.001.30020

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30190


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:


More information about fixed vulnerability can be read from Adobe's security bulletin.

Microsoft Security Updates For February 2021

Microsoft have released security updates for February 2021.

Release notes of the updates can be viewed here.

Saturday, February 6, 2021

Adobe ColdFusion Vulnerability

There has been found a privilege escalation vulnerability in Adobe ColdFusion. The cause of vulnerability is that ColdFusion installer fails to properly set ACLs (access-control lists) on the default installation directory such as C:\ColdFusion2021. By exploiting the vulnerability it may be possible to run arbitrary code with SYSTEM privileges in Windows system with vulnerable ColdFusion version installed.

Solution is to use the ColdFusion Server Auto-Lockdown installer. More information available here.

New iCloud Versions For Windows Released

Apple have released new version of their iCloud client for Windows. New version fix security vulnerabilities.

iCloud for Windows 12.0 is for Windows 10 and later and is available via Windows Store.

More information about the security content of the new version can be read from the correspondent security advisory.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix a critical security vulnerability.

Affected versions:
-Mozilla Firefox earlier than 85.0.1
-Mozilla Firefox ESR 78.x earlier than 78.7.1

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.7 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Sunday, January 31, 2021

Google Chrome Vulnerabilities Fixed

Google has released version 88.0.4324.104 for Windows and 88.0.4324.96 for macOS and Linux. In addition to other changes the new version contains fixes to 36 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Oracle Critical Patch Update For Q1 of 2021

Oracle have released updates for their products that fix 329 security issues (including one Java fix) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in April 2021.

Saturday, January 16, 2021

Adobe Bridge Updated

Adobe have updated their Bridge to new version. This new version resolves two critical vulnerabilities (CVE-2021-21012, CVE-2021-21013) which may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 11.0 and earlier versions for Windows

Solution:
- Update to Adobe Bridge 11.0.1


More information can be read from Adobe's security bulletin.

Adobe Captivate Hotfix Available

Adobe have released a security hotfix for Adobe Captivate for Windows. The fix addresses a privilege escalation vulnerability (CVE-2021-21011).

Affected versions and solution
Users of Adobe Captivate 2019 11.5.1.499 and earlier should install the hotfix

More information can be read from Adobe's security bulletin.

Vulnerability Fixed In Adobe InCopy

Adobe have released a new version of their Adobe InCopy on Windows. The new version fixes a security vulnerability (CVE-2021-21010) that may allow arbitrary code execution in the context of the current user.

Affected versions and solutions
- Adobe InCopy 15.1.3 and earlier versions should update to version 16.0

More information can be read from Adobe security bulletin.

Vulnerability Fixed In Adobe Campaign Classic

Adobe have released a new version of their Adobe Campaign Classic on Windows and Linux. The new version fixes a security vulnerability (CVE-2021-21009) that may result in information disclosure.

Affected versions and solutions
- Gold Standard 10 (and earlier versions) should update to Gold Standard 11
- 20.3.1 (and earlier versions) should update to 20.3.3 - Build 9234
- 20.2.3 (and earlier versions) should update to 20.2.4 - Build 9187
- 20.1.3 (and earlier versions) should update to 20.1.4 - Build 9126
- 19.2.3 (and earlier versions) should update to 19.2.4 - Build 9082
- 19.1.7 (and earlier versions) should update to 19.1.8 - Build 9039

More information can be read from Adobe security bulletin.

Adobe Animate Updated

Adobe have released an updated version of their Adobe Animate CC. The new version fixes a vulnerability (CVE-2021-21008) that could allow arbitrary code execution in the context of the current user.

Affected versions
Animate 21.0 and earlier

Solution
Update to Adobe Animate version 21.0.2 or newer


More information in the correspondent bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows. The new version fixes a critical vulnerability (CVE-2021-21007) that may allow arbitrary code execution in the context of the current user.

Affected versions
Illustrator 2020 25.0 and earlier versions

Solution
Update to Illustrator 2020 25.1 (or newer) version

More information in the correspondent security bulletin.

New Version Of Adobe Photoshop Available

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a critical security vulnerability (CVE-2021-21006) which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop 2021 versions 22.x earlier than 22.1.1 (Windows)

Solution:
Update to Adobe Photoshop 2021 22.1.1 version

Instructions for updating are given in related security bulletin.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing a fix to a security vulnerability (CVE-2020-16044).

Affected versions:
- Mozilla Thunderbird earlier than 78.6.1 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Microsoft Security Updates For January 2021

Microsoft have released security updates for January 2021.

Release notes of the updates can be viewed here.

Monday, January 11, 2021

NVIDIA GPU Display Driver Updates

NVIDIA has released a security update for NVIDIA GPU Display Driver. The update contains fixes to multiple vulnerabilities that may lead to denial of service, escalation of privileges, data tampering or information disclosure.

More information can be read from the related security bulletin.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix a critical security vulnerability (CVE-2020-16044).

Affected versions:
-Mozilla Firefox earlier than 84.0.2
-Mozilla Firefox ESR 78.x earlier than 78.6.1
-Mozilla Firefox for Android earlier than 84.1.3

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Thursday, January 7, 2021

Google Chrome updated

Google have released version 87.0.4280.141 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 16 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Tuesday, January 5, 2021

Foxit PhantomPDF Security Update

Foxit Software has released version 9.7.5 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit PhantomPDF 9.7.4.29600 and earlier (Windows)

More information can be read here.