Wednesday, January 26, 2022

Google Chrome New Update Available

Google have released version 97.0.4692.99 for Windows, macOS and Linux. In addition to other changes, the new version contains fixes for 26 security vulnerabilities.

More information can be found on the Google Chrome Releases blog.

Oracle Critical Patch Update For Q1 of 2022

Oracle have released updates for their products that fix 497 security issues (including 18 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in April 2022.

VMware Patches Available

VMware has released updated versions of their virtualization software patching a security vulnerability (CVE-2022-22938).

Affected versions:
- VMware Workstation Pro/Player 16.x for Windows earlier than 16.2.2
- VMware Horizon Client for Windows earlier than 5.5.3

More information in the VMware advisory.

Tuesday, January 18, 2022

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat for Windows and macOS. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: versions earlier than 21.011.20039
- Acrobat 2020 and Acrobat Reader 2020, 2020 classic track: versions earlier than 20.004.30020
- Acrobat 2017 and Acrobat Reader 2017, 2017 classic track: versions earlier than 17.011.30207


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule; an update check can also be activated manually by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about the fixed vulnerabilities can be found in Adobe's security bulletin.

Adobe Illustrator Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator for Windows and macOS. The new version fixes vulnerabilities (CVE-2021-43752, CVE-2021-44700) that may lead to privilege escalation.

Affected versions:
- Illustrator 2022 26.0.1 and earlier versions
- Illustrator 2021 25.4.2 and earlier versions

Solution:
- Update Illustrator 2022 to version 26.0.2 (or newer)
- Update Illustrator 2021 to version 25.4.3 (or newer)


More information in the corresponding security bulletin.

Sunday, January 16, 2022

Adobe Bridge Updated

Adobe Bridge has received a new version. This new version resolves vulnerabilities, one of which (CVE-2021-44743) may allow execution of arbitrary code.

Affected versions:
- Adobe Bridge 12.0 and earlier versions for Windows and macOS
- Adobe Bridge 11.1.2 and earlier versions for Windows and macOS

Solution:
- Update to Adobe Bridge 12.0.1 or 11.1.3


More information can be found in Adobe's security bulletin.

Vulnerabilities Fixed In Adobe InCopy

Adobe have released a new version of their Adobe InCopy on Windows and macOS. The new version fixes three security vulnerabilities (CVE-2021-45053, CVE-2021-45055, CVE-2021-45056) that may allow arbitrary code execution in the context of the current user and another vulnerability (CVE-2021-45054) that may allow privilege escalation.

Affected versions and solutions
- Adobe InCopy 16.4 and earlier versions for Windows and macOS

More information can be found in Adobe's security bulletin.

Adobe InDesign Update Available

Adobe have released an updated version of Adobe InDesign. The new update resolves security vulnerabilities (CVE-2021-45057, CVE-2021-45058, CVE-2021-45059) that could lead to arbitrary code execution and privilege escalation.

Affected versions:
- Adobe InDesign earlier than 16.4.1 for Windows and macOS

More information can be found in Adobe's security bulletin.

Microsoft Security Updates For January 2022

Microsoft have released security updates for January 2022.

Release notes of the updates can be viewed here.

Wednesday, January 12, 2022

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing some fixes for security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 91.5 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. The new versions fix security vulnerabilities.

Affected versions:
- Mozilla Firefox earlier than 96 (advisory)
- Mozilla Firefox ESR 91.x earlier than 91.5 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it (latest version) from the product site.

Monday, January 10, 2022

Google Chrome Vulnerabilities Fixed

Google have released version 97.0.4692.71 for Windows, macOS and Linux. In addition to other changes, the new version contains fixes for 37 security vulnerabilities.

More information can be found on the Google Chrome Releases blog.

WordPress 5.8.3 Released

A new version of WordPress (blogging tool and content management system) has been released, which also contains patches for four security vulnerabilities. It is also recommended to check whether updates are available for the WordPress extensions in use and to disable those extensions that are not needed.

Affected versions:
- WordPress versions earlier than 5.8.3

More information can be found on the WordPress blog.

Friday, January 7, 2022

VMware Product Patches Available

VMware has released updated versions of their virtualization software patching a security vulnerability (CVE-2021-22045).

Affected versions:
- VMware ESXi 7.0 (patch pending at the moment of writing this)
- VMware ESXi 6.7 without ESXi670-202111101-SG update
- VMware ESXi 6.5 without ESXi650-202110101-SG update
- VMware Cloud Foundation (ESXi) 4.x (patch pending at the moment of writing this)
- VMware Cloud Foundation (ESXi) 3.x (patch pending at the moment of writing this)
- VMware Workstation 16.x for Windows earlier than 16.2.0
- VMware Fusion Pro / Fusion 12.x earlier than 12.2.0

A workaround for those at the "patch pending" stage can be read here.

More information in the VMware advisory.