Tuesday, April 26, 2022

OpenJDK Vulnerabilities Fixed

OpenJDK is an open-source implementation of Java Platform, Standard Edition, and related projects. OpenJDK source code has been updated to fix security vulnerabilities (CVE-2022-21476, CVE-2022-21449, CVE-2022-21496, CVE-2022-21434, CVE-2022-21426 and CVE-2022-21443).

Affected OpenJDK versions are 18, 17.0.2, 15.0.6, 13.0.10, 11.0.14, 8u322, 7u331, and earlier. More information in OpenJDK vulnerability advisory.

Oracle Critical Patch Update For Q2 of 2022

Oracle have released updates for their products that fix 520 security issues (including seven Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

The next Oracle CPU is planned to be released in July 2022.

Adobe Commerce Updated

Adobe has released updates for Adobe Commerce and Magento Open Source editions. The new versions fix a critical vulnerability (CVE-2022-24093) which may lead to arbitrary code execution.

Affected versions
Adobe Commerce 2.4.3-p1 and earlier versions
Adobe Commerce 2.3.7-p2 and earlier versions
Magento Open Source 2.4.3-p1 and earlier versions
Magento Open Source 2.3.7-p2 and earlier versions

More information in the correspondent security bulletin.

Adobe After Effects Updated

Adobe has released an update to patch two critical vulnerabilities (CVE-2022-27783 and CVE-2022-27784) in After Effects application. The vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
- Adobe After Effects earlier than 22.3 version on Windows and macOS
- Adobe After Effects earlier than 18.4.6 version on Windows and macOS

More information in security bulletin.

Adobe Photoshop Vulnerability Fixed

Adobe have released new versions of Adobe Photoshop for Windows and macOS. These updates resolve a bunch of critical vulnerabilities which could lead to arbitrary code execution in the context of the current user.

Affected versions on Windows and macOS:
- Adobe Photoshop 2022 versions 23.x earlier than 23.3
- Adobe Photoshop 2021 versions 22.x earlier than 22.5.7

Instructions for updating are given in related security bulletin.

Friday, April 15, 2022

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat for Windows and macOS. Exploiting the vulnerabilities could allow arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 22.001.20085

*Acrobat 2020 and Acrobat Reader 2020, 2020 classic track
versions earlier than 20.005.30314

*Acrobat 2017 and Acrobat Reader 2017, 2017 classic track
versions earlier than 17.012.30205


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Full version of Adobe Acrobat Reader DC and a trial version of Adobe Acrobat Pro DC can be found here.


More information about fixed vulnerability can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2022

Microsoft have released security updates for April 2022.

Release notes of the updates can be viewed here.

Thursday, April 7, 2022

Vulnerability Fixed In Google Chrome

Google has released updated version of their Chrome web browser. Version 100.0.4896.75 is available for Windows, macOS and Linux. The update fixes a security vulnarability (CVE-2022-1232).

More information available in Google Chrome releases blog.

Mozilla Thunderbird Updated

Mozilla have released updated version of their Thunderbird email client containing some fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird earlier than 91.6 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of their Firefox web browser. New versions fix security vulnerabilities.

Affected versions:
-Mozilla Firefox earlier than 99 (advisory)
-Mozilla Firefox ESR 91.x earlier than 91.8 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Monday, April 4, 2022

Google Chrome Updated


Google has released updated version of their Chrome web browser. Version 100.0.4896.60 is available for Windows, macOS and Linux. Among other changes the new version contains fixes for 28 security vulnerabilities.

More information available in Google Chrome releases blog.