Microsoft Security Updates For December 2022

Microsoft have released security updates for December 2022.

Release notes of the updates can be viewed here.

Google Chrome Updated

Google has released updated version of their Chrome web browser. Version 108.0.5359.94 is available for Mac and Linux and 108.0.5359.94/.95 for Windows. Among other changes one security vulnerability (CVE-2022-4262) is fixed.

More information available in Google Chrome releases blog.

Microsoft Security Updates For November 2022

Microsoft have released security updates for November 2022.

Release notes of the updates can be viewed here.

New PHP Update Available For 7.4.x Versions

PHP development team has released 7.4.33 version of the PHP scripting language for 7.4.x branch. New version fix a security issue. All PHP 7.4.x users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Version 7.4.33

Oracle Critical Patch Update For Q4 of 2022

Oracle has released updates for their products that fix 370 security issues (including nine Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

The next Oracle CPU is planned to be released in January 2023.

Microsoft Security Updates For October 2022

Microsoft have released security updates for October 2022.

Release notes of the updates can be viewed here.

Google Chrome Updated

Google has released updated version of their Chrome web browser. Version 106.0.5249.103 is available for Windows, macOS and Linux.

More information available in Google Chrome releases blog.

New PHP versions available

PHP development team has released 8.1.11, 8.0.24 and 7.4.32 versions of the PHP scripting language. New versions fix security issues among other bug fixes. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Version 8.1.11

Version 8.0.24

Version 7.4.32

Microsoft Security Updates For September 2022

Microsoft have released security updates for September 2022.

Release notes of the updates can be viewed here.

New PHP versions available

PHP development team has released 8.1.10 and 8.0.23 versions of the PHP scripting language. New versions fix security issues among other bug fixes. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Version 8.1.10

Version 8.0.23

Google Chrome Updated

Google has released updated version of their Chrome web browser. Version 105.0.5195.52/53/54 is available for Windows and version 105.0.5195.52 for macOS and Linux. Among other changes the new version contains fixes for 24 security vulnerabilities.

More information available in Google Chrome releases blog.

VMware Tools Update Available

VMware have released updated versions of their virtualization software to fix a security vulnerability. VMware Tools is affected by a local privilege escalation vulnerability (CVE-2022-31676). A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Affected versions:

-VMware Tools for Windows and Linux versions earlier than 12.1.0

More information with instructions for updating can be read from the correspondent VMware advisory.

Google Chrome Updated

Google have released version 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows. In addition to other changes the new version contains fixes to 11 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Microsoft Security Updates For August 2022

Microsoft have released security updates for August 2022.

Release notes of the updates can be viewed here.

New PHP versions available

PHP development team has released 8.1.9 and 8.0.22 versions of the PHP scripting language. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Version 8.1.9

Version 8.0.22

Oracle Critical Patch Update For Q3 of 2022

Oracle has released updates for their products that fix 349 security issues (including five Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

The next Oracle CPU is planned to be released in October 2022.

Google Chrome Updated

Google has released updated version of their Chrome web browser. Version 103.0.5060.134 is available for Windows, macOS and Linux. Among other changes the new version contains fixes for 11 security vulnerabilities.

More information available in Google Chrome releases blog.

RoboHelp Update Available

Adobe has released an updated version of their RoboHelp for Windows and macOS. The new versions fix as important categorized arbitrary code execution vulnerability (CVE-2022-23201).

Affected versions:
-RH2020.0.7 and earlier

More information can be read here.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat for Windows and macOS. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 22.001.20169

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 20.005.30362

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 17.012.30249


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.

More information about fixed vulnerability can be read from Adobe's security bulletin.

Adobe Character Animator Updated

There has been released a new version of Adobe Character Animator. The new version fixes two vulnerabilities (CVE-2022-34241, CVE-2022-34242) that could lead to remote code execution.

Affected versions:
- Character Animator 2021 4.4.7 and earlier versions
- Character Animator 2022 22.4 and earlier versions

More information can be read from the Adobe security bulletin.

Adobe Photoshop Vulnerability Fixed

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve one critical security vulnerability (CVE-2022-34243) which could lead to arbitrary code execution and one important (CVE-2022-34244) which could lead to memory leak in the context of the current user.

Affected versions on Windows and macOS:
- Adobe Photoshop 2022 versions 23.x earlier than 23.4.1
- Adobe Photoshop 2021 versions 22.x earlier than 22.5.8

Instructions for updating are given in related security bulletin.

Microsoft Security Updates For July 2022

Microsoft have released security updates for July 2022.

Release notes of the updates can be viewed here.

Mozilla Thunderbird Updated

Mozilla have released updated versions of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:

- Mozilla Thunderbird earlier than 102

- Mozilla Thunderbird earlier than 91.11

More information in this advisory.

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version).

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:

-Mozilla Firefox earlier than 102 (advisory)

-Mozilla Firefox ESR 91.x earlier than 91.11 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

New PHP versions available

PHP development team has released 8.1.7, 8.0.20 and 7.4.30 versions of the PHP scripting language. Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Version 8.1.7

Version 8.0.20

Version 7.4.30

Microsoft Security Updates For June 2022

Microsoft have released security updates for June 2022.

Release notes of the updates can be viewed here.

Google Chrome Updated

Google have released version 102.0.5005.115 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to seven security vulnerabilities.

More information can be read from Google Chrome releases blog.

Mozilla Firefox Vulnerabilities Fixed

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:

-Mozilla Firefox earlier than 101 (advisory)

-Mozilla Firefox ESR 91.x earlier than 91.10 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Vulnerabilities Fixed

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:

- Mozilla Thunderbird earlier than 91.10 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox And Thunderbird Updated

Mozilla have patched vulnerabilities in their Firefox web browser and Thunderbird email client. New versions fix security vulnerabilities.

Affected versions:

-Mozilla Firefox earlier than 100.0.2

-Mozilla Firefox ESR 91.x earlier than 91.9.1

-Mozilla Firefox for Android earlier than 100.3.0

-Mozilla Thunderbird earlier than 91.9.1

More information can be read in correspondent security advisory.

Google Chrome New Update Available

Google has released version 102.0.5005.61 for macOS and Linux and 102.0.5005.61/62/63 for Windows. In addition to other changes the new version contains fixes to 32 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 100 (advisory)
-Mozilla Firefox ESR 91.x earlier than 91.9 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 91.9 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Google Chrome New Update Available

Google have released version 101.0.4951.64 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 13 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Microsoft Security Updates For May 2022

Microsoft have released security updates for May 2022.

Release notes of the updates can be viewed here.

Google Chrome Updated

Google has released updated version of their Chrome web browser. Version 101.0.4951.41 is available for Windows, macOS and Linux. Among other changes the new version contains fixes for 29 security vulnerabilities.

More information available in Google Chrome releases blog.

OpenJDK Vulnerabilities Fixed

OpenJDK is an open-source implementation of Java Platform, Standard Edition, and related projects. OpenJDK source code has been updated to fix security vulnerabilities (CVE-2022-21476, CVE-2022-21449, CVE-2022-21496, CVE-2022-21434, CVE-2022-21426 and CVE-2022-21443).

Affected OpenJDK versions are 18, 17.0.2, 15.0.6, 13.0.10, 11.0.14, 8u322, 7u331, and earlier. More information in OpenJDK vulnerability advisory.

Oracle Critical Patch Update For Q2 of 2022

Oracle have released updates for their products that fix 520 security issues (including seven Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

The next Oracle CPU is planned to be released in July 2022.

Adobe Commerce Updated

Adobe has released updates for Adobe Commerce and Magento Open Source editions. The new versions fix a critical vulnerability (CVE-2022-24093) which may lead to arbitrary code execution.

Affected versions
Adobe Commerce 2.4.3-p1 and earlier versions
Adobe Commerce 2.3.7-p2 and earlier versions
Magento Open Source 2.4.3-p1 and earlier versions
Magento Open Source 2.3.7-p2 and earlier versions

More information in the correspondent security bulletin.

Adobe After Effects Updated

Adobe has released an update to patch two critical vulnerabilities (CVE-2022-27783 and CVE-2022-27784) in After Effects application. The vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
- Adobe After Effects earlier than 22.3 version on Windows and macOS
- Adobe After Effects earlier than 18.4.6 version on Windows and macOS

More information in security bulletin.

Adobe Photoshop Vulnerability Fixed

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve a bunch of critical vulnerabilities which could lead to arbitrary code execution in the context of the current user.

Affected versions on Windows and macOS:
- Adobe Photoshop 2022 versions 23.x earlier than 23.3
- Adobe Photoshop 2021 versions 22.x earlier than 22.5.7

Instructions for updating are given in related security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat for Windows and macOS. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 22.001.20085

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 20.005.30314

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 17.012.30205


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about fixed vulnerability can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2022

Microsoft have released security updates for April 2022.

Release notes of the updates can be viewed here.

Vulnerability Fixed In Google Chrome

Google has released updated version of their Chrome web browser. Version 100.0.4896.75 is available for Windows, macOS and Linux. The update fixes a security vulnarability (CVE-2022-1232).

More information available in Google Chrome releases blog.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:

- Mozilla Thunderbird earlier than 91.6 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:

-Mozilla Firefox earlier than 99 (advisory)

-Mozilla Firefox ESR 91.x earlier than 91.8 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Google Chrome Updated

Google has released updated version of their Chrome web browser. Version 100.0.4896.60 is available for Windows, macOS and Linux. Among other changes the new version contains fixes for 28 security vulnerabilities.

More information available in Google Chrome releases blog.

Patch to Chrome Vulnerability Available

Google has released updated version of their Chrome web browser. Version 99.0.4844.84 is available for Windows, macOS and Linux. It fixes a security vulnerability (CVE-2022-1096) that has an exploit in the wild.

More information available in Google Chrome releases blog.

Google Chrome Vulnerabilities Fixed

Google have released version 99.0.4844.74 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 11 security vulnerabilities.

More information can be read from Google Chrome releases blog.

WordPress 5.9.2 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains also patches to three security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:

WordPress versions earlier than 5.9.2

More information can be read from the WordPress blog.

PHP version 8.0.17 available

PHP development team has released 8.0.17 version of the PHP scripting language. This is a bug release. All PHP 8.0 users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:

Version 8.0.17

Adobe Photoshop Vulnerability Fixed

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve a security vulnerability (CVE-2022-24090) which could lead to memory leak in the context of the current user.

Affected versions on Windows and macOS:

- Adobe Photoshop 2022 versions 23.x earlier than 23.2

- Adobe Photoshop 2021 versions 22.x earlier than 22.5.6

Instructions for updating are given in related security bulletin.

Adobe Illustrator Updated

Adobe have released an updated version of their Adobe Illustrator for Windows and macOS. The new version fixes a security vulnerability (CVE-2022-23187) that may allow arbitrary code execution.

Affected versions

Illustrator 2022 26.0.3 and earlier versions

Illustrator 2021 25.4.4 and earlier versions

Solution

Update Illustrator 2022 to 26.1.0 (or newer) version

Update Illustrator 2021 to 25.4.5 (or newer) version

More information in the correspondent security bulletin.

Adobe After Effects Updated

Adobe has released an update to patch a critical vulnerabilities (CVE-2022-24094, CVE-2022-24095, CVE-2022-24096 and CVE-2022-24097) in After Effects application. The vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:

- Adobe After Effects earlier than 22.2.1 version on Windows and macOS

- Adobe After Effects earlier than 18.4.5 version on Windows and macOS

More information in security bulletin.

Microsoft Security Updates For March 2022

Microsoft have released security updates for March 2022.

Release notes of the updates can be viewed here.

Mozilla Products Updated

Mozilla have released updated versions of some of their products. New versions fix two critical security vulnerabilities (CVE-2022-26485 and CVE-2022-26486). Both vulnerabilities have been exploited in the wild.

Affected versions:

-Mozilla Firefox earlier than 97.0.2

-Mozilla Firefox ESR 91.x earlier than 91.6.1

-Firefox for Android earlier than 97.3

-Focus earlier than 97.3

-Thunderbird earlier than 91.6.2

More information about the vulnerabilities can be read from the advisory.

VMware Tools Update Available

VMware have released updated versions of their virtualization software to fix a security vulnerability. VMware Tools for Windows is affected by An uncontrolled search path vulnerability (CVE-2022-22943). A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.

Affected versions:

-VMware Tools for Windows versions earlier than 12.0.0

More information with instructions for updating can be read from the correspondent VMware advisory.

Google Chrome New Update Available

Google have released version 99.0.4844.51 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 28 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 91.6 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 97 (advisory)
-Mozilla Firefox ESR 91.x earlier than 91.6 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Adobe Commerce Vulnerabilities Fixed

Adobe has released updates for Adobe Commerce and Magento Open Source editions. The new versions fix a critical vulnerablity (CVE-2022-24086) which may lead to arbitrary code execution.

Affected versions
Adobe Commerce 2.4.3-p1 and earlier versions
Adobe Commerce 2.3.7-p2 and earlier versions
Magento Open Source 2.4.3-p1 and earlier versions
Magento Open Source 2.3.7-p2 and earlier versions

More information in the correspondent security bulletin.

Adobe Creative Cloud Desktop Application Updated

Adobe has released a security update to fix a critical vulnerability (CVE-2022-23202) in their Creative Cloud Desktop Application for macOS. The vulnerability may allow arbitrary code execution in the context of the current user.

Affected versions:
Creative Cloud Desktop Application (Installer) 2.7.0.13 and earlier versions for Windows

More information can be read from Adobe's security bulletin.

Adobe After Effects Updated

Adobe has released an update to patch a critical vulnerability (CVE-2022-23200) in After Effects application. The vulnerability could allow arbitrary code execution in the context of the current user.

Affected versions:
- Adobe After Effects earlier than 22.2 version on Windows and macOS
- Adobe After Effects earlier than 18.4.4 version on Windows and macOS

More information in security bulletin.

Adobe Photoshop Vulnerability Fixed

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve a security vulnerability (CVE-2022-23203) which could lead to arbitrary code execution in the context of the current user.

Affected versions on Windows and macOS:
- Adobe Photoshop 2022 versions 23.x earlier than 23.1.1
- Adobe Photoshop 2021 versions 22.x earlier than 22.5.5

Instructions for updating are given in related security bulletin.

Adobe Illustrator Updated

Adobe have released an updated version of their Adobe Illustrator for Windows and macOS. The new version fixes bunch of security vulnerabilities of which some may allow arbitrary code execution.

Affected versions
Illustrator 2022 26.0.2 and earlier versions
Illustrator 2021 25.4.3 and earlier versions

Solution
Update Illustrator 2022 to 26.0.3 (or newer) version
Update Illustrator 2021 to 25.4.4 (or newer) version


More information in the correspondent security bulletin.

Adobe Premiere Rush Update Released

Adobe has released an update to patch a vulnerability in Premiere Rush application. The vulnerability may allow privilege escalation (CVE-2022-23204).

Affected versions:
Adobe Premiere Rush earlier than 2.3 version for Windows

More information in the related security bulletin here.

Microsoft Security Updates For February 2022

Microsoft have released security updates for February 2022.

Release notes of the updates can be viewed here.

Google Chrome updated

Google have released version 98.0.4758.80/81/82 for Windows and 98.0.4758.80 macOS and Linux. In addition to other changes the new version contains fixes to 27 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Vulnerability in VMware Cloud Foundation

VMware have released updated versions of their virtualization software patching a security vulnerability (CVE-2022-22939).

Affected versions:
-VMware Cloud Foundation (NSX-T) 4.x earlier than 4.3.1.1
-VMware Cloud Foundation (NSX-T) 3.x (patch pending, check back the advisory)

More information in VMware advisory here.

Foxit PDF Reader And Foxit PDF Editor Updated

Foxit Software has released version 11.2.1 of their Foxit PDF Reader and Foxit PDF Editor software for Windows. The new versions contain fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit PDF Reader (previously named Foxit Reader) 11.1.0.52543 and earlier (Windows)
Foxit PDF Editor (previously named Foxit PhantomPDF) 11.2.0.53415 and all previous 11.x versions, 10.1.6.37749 and earlier (Windows)

More information can be read here.

Google Chrome New Update Available

Google have released version 97.0.4692.99 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 26 security vulnerabilities.

More information can be read from Google Chrome releases blog.

Oracle Critical Patch Update For Q1 of 2022

Oracle have released updates for their products that fix 497 security issues (including 18 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

The next Oracle CPU is planned to be released in April 2022.

VMware Patches Available

VMware has released updated versions of their virtualization software patching a security vulnerability (CVE-2022-22938).

Affected versions:

-VMware Workstation Pro/Player 16.x for Windows earlier than 16.2.2

-VMware Horizon Client for Windows earlier than 5.5.3

More information in the VMware advisory.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat for Windows and macOS. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 21.011.20039

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 20.004.30020

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 17.011.30207


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about fixed vulnerability can be read from Adobe's security bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows and macOS. The new version fixes vulnerabilities (CVE-2021-43752, CVE-2021-44700) that may lead to privilege escalation.

Affected versions
Illustrator 2022 26.0.1 and earlier versions
Illustrator 2021 25.4.2 and earlier versions

Solution
Update Illustrator 2022 to 26.0.2 (or newer) version
Update Illustrator 2021 to 25.4.3 (or newer) version


More information in the correspondent security bulletin.

Adobe Bridge Updated

Adobe Bridge has received a new version. This new version resolves vulnerabilities of which on (CVE-2021-44743) may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 12.0 and earlier versions for Windows and macOS
- Adobe Bridge 11.1.2 and earlier versions for Windows and macOS

Solution:
- Update to Adobe Bridge 12.0.1 or 11.1.3


More information can be read from Adobe's security bulletin.

Vulnerabilities Fixed In Adobe InCopy

Adobe have released a new version of their Adobe InCopy on Windows and macOS. The new version fixes three security vulnerabilities (CVE-2021-45053, CVE-2021-45055, CVE-2021-45056) that may allow arbitrary code execution in the context of the current user and another vulnerability (CVE-2021-45054) that may allow privilege escalation.

Affected versions and solutions
- Adobe InCopy 16.4 and earlier versions for Windows and macOS

More information can be read from Adobe security bulletin.

Adobe InDesign Update Available

Adobe have released updated version of Adobe InDesign. The new update resolves security vulnerabilities (CVE-2021-45057, CVE-2021-45058, CVE-2021-45059) that could lead to arbitrary code execution and privilege escalation.

Affected versions:
- Adobe InDesign earlier than 16.4.1 for Windows and macOS

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For January 2022

Microsoft have released security updates for January 2022.

Release notes of the updates can be viewed here.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:

- Mozilla Thunderbird earlier than 91.5 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:

-Mozilla Firefox earlier than 96 (advisory)

-Mozilla Firefox ESR 91.x earlier than 91.5 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Google Chrome Vulnerabilities Fixed

Google have released version 97.0.4692.71 for Windows, macOS and Linux. In addition to other changes the new version contains fixes to 37 security vulnerabilities.

More information can be read from Google Chrome releases blog.

WordPress 5.8.3 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains also patches to four security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:

WordPress versions earlier than 5.8.3

More information can be read from the WordPress blog.

VMware Product Patches Available

VMware has released updated versions of their virtualization software patching a security vulnerability (CVE-2021-22045).

Affected versions:

-VMware ESXi 7.0 (patch pending at the moment of writing this)

-VMware ESXi 6.7 without ESXi670-202111101-SG update

-VMware ESXi 6.5 without ESXi650-202110101-SG update

-VMware Cloud Foundation (ESXi) 4.x (patch pending at the moment of writing this)

-VMware Cloud Foundation (ESXi) 3.x (patch pending at the moment of writing this)

-VMware Workstation 16.x for Windows earlier than 16.2.0

-VMware Fusion Pro / Fusion 12.x earlier than 12.2.0

Workaround for those at "patch pending" stage can be read here.

More information in the VMware advisory.