Sunday, September 19, 2021

Updates To Adobe XMP-Toolkit-SDK Released

Adobe has released updates for XMP-Toolkit-SDK. The updates fix a vulnerability categorized as important (CVE-2021-40716) that may lead to an arbitrary file system read in the context of the current user.

Affected versions:
- Adobe XMP-Toolkit-SDK versions earlier than 2021.08

More information is available in the corresponding security bulletin.

Adobe Photoshop Vulnerability Fixed

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve a critical security vulnerability (CVE-2021-40709) that could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Adobe Photoshop 2020 versions 21.x earlier than 21.2.12
- Adobe Photoshop 2021 versions 22.x earlier than 22.5.1

Instructions for updating are given in the related security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix vulnerabilities, of which one is categorized as critical (CVE-2021-40711) and three are categorized as important (CVE-2021-40712, CVE-2021-40713, CVE-2021-40714). Successful exploitation of these could result in arbitrary code execution.

Affected versions:
Adobe Experience Manager (AEM)
- AEM Cloud Service (CS)
- 6.5.9.0 and earlier

More information is available in Adobe's security advisory.

Adobe Genuine Service Updated

Adobe have released security updates to fix a vulnerability (CVE-2021-40708) in their Genuine Service. The vulnerability could lead to privilege escalation in the context of the current user.

Affected versions:
Adobe Genuine Service earlier than 7.4 on Windows and macOS


Adobe Genuine Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.


More information about the fixed vulnerability can be read in Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The updated version contains fixes for three vulnerabilities (CVE-2021-39826, CVE-2021-39827, CVE-2021-39828).

Affected versions are Adobe Digital Editions versions earlier than 4.5.11.187658 on macOS.

More information (including download instructions for the new version) can be read in Adobe's security bulletin.

Adobe Premiere Elements Fixed

Adobe have released an update to patch vulnerabilities in Premiere Elements. The vulnerabilities may lead to arbitrary code execution in the context of the current user on the vulnerable system.

Affected versions:
Adobe Premiere Elements versions earlier than 2021 [build 19.0 (20210809.daily.2242976)] for Windows and macOS

More information is available in the related security bulletin.

Adobe Photoshop Elements Vulnerability Fixed

Adobe have released an update to patch a critical vulnerability (CVE-2021-39825) in Photoshop Elements. The vulnerability may lead to arbitrary code execution in the context of the current user on the vulnerable system.

Affected versions:
Adobe Photoshop Elements versions earlier than 2021 [build 19.0 (20210811.m.158081)] for Windows and macOS

More information is available in the related security bulletin.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix a vulnerability (CVE-2021-28613) in their Creative Cloud Desktop Application for macOS.

Affected versions:
Creative Cloud Desktop Application 5.4 and earlier versions for macOS

More information can be read in Adobe's security bulletin.

Adobe ColdFusion Updated

Adobe have released an updated version of the ColdFusion web application development platform. The update resolves two vulnerabilities categorized as critical (CVE-2021-40698, CVE-2021-40699) that may lead to a security feature bypass.

Affected versions:
- ColdFusion (2021 release): version 1 and earlier versions
- ColdFusion (2018 release): update 11 and earlier versions

More information can be read in Adobe's security bulletin.

Adobe Framemaker Vulnerabilities Fixed

Adobe has released an updated version of their Framemaker. The new version contains fixes for security vulnerabilities, some of which (CVE-2021-39829, CVE-2021-39830, CVE-2021-39831, CVE-2021-39832) are critical. Successful exploitation of these could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Framemaker 2019 release for Windows without update 8 (hotfix)
- Framemaker 2020 release for Windows without update 3

More information is available in Adobe's security advisory.

Adobe InDesign Update Available

Adobe have released an updated version of Adobe InDesign. The new update resolves critical vulnerabilities (CVE-2021-39820, CVE-2021-39821, CVE-2021-39822) that could be abused to execute code remotely in the context of the current user.

Affected versions:
- Adobe InDesign earlier than 16.4 for Windows and macOS

More information can be read in Adobe's security bulletin.

Vulnerabilities Fixed In Adobe InCopy

Adobe have released a new version of their Adobe InCopy on Windows. The new version fixes a security vulnerability (CVE-2021-39818) that may allow arbitrary code execution in the context of the current user and another vulnerability (CVE-2021-39819) that may allow arbitrary file system write.

Affected versions and solutions
- Adobe InCopy 16.3 and earlier versions for Windows
- Adobe InCopy 16.3.1 and earlier versions for macOS

More information can be read in Adobe's security bulletin.

Saturday, September 18, 2021

Adobe Premiere Pro Fixed

Adobe have released an update to patch vulnerabilities in their Premiere Pro application. The vulnerabilities (CVE-2021-40710, CVE-2021-40715) may allow arbitrary code execution on a vulnerable system.

Affected versions:
Adobe Premiere Pro versions earlier than 15.4.1 for Windows

More information is available in the related security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: versions earlier than 2021.007.20091
- Acrobat 2020 and Acrobat Reader 2020, 2020 classic track: versions earlier than 2020.004.30015
- Acrobat 2017 and Acrobat Reader 2017, 2017 classic track: versions earlier than 2017.011.30202


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can also be manually activated by choosing Help > Check for Updates.

The full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.

More information about the fixed vulnerabilities can be read in Adobe's security bulletin.

Microsoft Security Updates For September 2021

Microsoft have released security updates for September 2021.

Release notes of the updates can be viewed here.

Google Chrome updated

Google have released version 93.0.4577.82 for Windows, macOS and Linux. In addition to other changes, the new version contains fixes for 11 security vulnerabilities.

More information can be read on the Google Chrome Releases blog.

Monday, September 13, 2021

New WordPress Version Released

A new version of WordPress (blogging tool and content management system) has been released, which also contains patches for three security vulnerabilities. It's also recommended to check whether there are any updates available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 5.8.1

More information can be read on the WordPress blog.

New Mozilla Thunderbird Version Released

Mozilla have released an updated version of their Thunderbird email client containing some fixes for security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 91.1 (advisory)
- Mozilla Thunderbird earlier than 78.14 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

Microsoft MSHTML Vulnerability

Microsoft is investigating reports of a remote code execution vulnerability (CVE-2021-40444) in MSHTML that affects Microsoft Windows. 

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.

At the moment there's no patch available for the vulnerability. Information about mitigations and workarounds can be read here.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. The new versions fix security vulnerabilities.

Affected versions:
- Mozilla Firefox earlier than 92 (advisory)
- Mozilla Firefox ESR 91.x earlier than 91.1 (advisory)
- Mozilla Firefox ESR 78.x earlier than 78.14 (advisory)

A fresh version can be obtained via the built-in updater or by downloading the latest version from the product site.

Monday, September 6, 2021

New Google Chrome Version Released

Google have released version 93.0.4577.63 for Windows, macOS and Linux. In addition to other changes, the new version contains fixes for 27 security vulnerabilities.

More information can be read on the Google Chrome Releases blog.