Friday, February 26, 2021

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.8 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 86 (advisory)
-Mozilla Firefox ESR 78.x earlier than 78.8 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Friday, February 12, 2021

Adobe Dreamweaver Updated

Adobe have released updated version of their Dreamweaver for Windows and macOS.  This update resolves an information disclosure vulnerability (CVE-2021-21055).

Affected versions:
- Adobe Dreamweaver 20.x versions earlier than 20.2.1
- Adobe Dreamweaver 21.x versions earlier than 21.1

More information can be read from Adobe's security bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows. The new version fixes two critical vulnerabilities (CVE-2021-21053, CVE-2021-21054) that may allow arbitrary code execution in the context of the current user.

Affected versions
Illustrator 2021 earlier than version 25.2

More information in the correspondent security bulletin.

Adobe Animate Updated

Adobe have released an updated version of their Adobe Animate. The new version fixes a critical vulnerability (CVE-2021-21052) that could allow arbitrary code execution in the context of the current user.

Affected versions
Adobe Animate earlier than 21.0.3

More information in the correspondent bulletin.

Adobe Photoshop Fixed

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a critical security vulnerabilities which could lead to arbitrary code execution in the context of the current user.

Affected versions:
Adobe Photoshop 2020 versions 21.x earlier than 21.2.5
Adobe Photoshop 2021 versions 22.x earlier than 22.2


Instructions for updating are given in related security bulletin.

Magento Vulnerabilities Fixed

Magento has released updates for Magento Commerce and Open Source editions. The new versions fix a bunch of vulnerabilities of which many critical and that may allow arbitrary code execution.

Affected versions
Magento Commerce 2.4.1 and earlier versions
Magento Commerce 2.4.0-p1 and earlier versions
Magento Commerce 2.3.6 and earlier versions
Magento Open Source 2.4.1 and earlier versions
Magento Open Source 2.4.0-p1 and earlier versions
Magento Open Source 2.3.6 and earlier versions

More information in the correspondent security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2021.001.20135

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 2020.001.30020

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 2017.011.30190


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually, can download the latest versions of the links below:


More information about fixed vulnerability can be read from Adobe's security bulletin.

Microsoft Security Updates For February 2021

Microsoft have released security updates for February 2021.

Release notes of the updates can be viewed here.

Saturday, February 6, 2021

Adobe ColdFusion Vulnerability

There has been found a privilege escalation vulnerability in Adobe ColdFusion. The cause of vulnerability is that ColdFusion installer fails to properly set ACLs (access-control lists) on the default installation directory such as C:\ColdFusion2021. By exploiting the vulnerability it may be possible to run arbitrary code with SYSTEM privileges in Windows system with vulnerable ColdFusion version installed.

Solution is to use the ColdFusion Server Auto-Lockdown installer. More information available here.

New iCloud Versions For Windows Released

Apple have released new version of their iCloud client for Windows. New version fix security vulnerabilities.

iCloud for Windows 12.0 is for Windows 10 and later and is available via Windows Store.

More information about the security content of the new version can be read from the correspondent security advisory.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix a critical security vulnerability.

Affected versions:
-Mozilla Firefox earlier than 85.0.1
-Mozilla Firefox ESR 78.x earlier than 78.7.1

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 78.7 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.