Monday, January 20, 2020

New Google Chrome Version Released

Google have released a version 79.0.3945.130 of their Chrome web browser. The new version contains fixes to 11 security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

Vulnerability In Internet Explorer

There has been found a vulnerability (CVE-2020-0674) affecting Microsoft Internet Explorer browsers. The vulnerability is related to the way that the scripting engine handles objects in memory in Internet Explorer. By exploiting the vulnerability an attacker may execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights an attacker may be able to take control of an affected system. Microsoft is aware of some targeted attacks exploiting the vulnerability.

Internet Explorer 9, 10 and 11

At the moment of writing this there is no update available against the vulnerability. Microsoft has published a workaround while it's working on the update. More information here.

Friday, January 17, 2020

Symantec Intelligence Report: December 2019

Symantec have published their Intelligence report that sums up the latest threat trends for December 2019.

The report can be viewed here.

Oracle Critical Patch Update For Q1 of 2020

Oracle have released updates for their products that fix 334 security issues (including 12 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in April 2020.

Thursday, January 16, 2020

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 9.7.1 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit Reader and earlier (Windows)
Foxit PhantomPDF and earlier (Windows)

More information can be read here.

Adobe Illustrator CC Vulnerabilities Fixed

Adobe have released an updated version of their Adobe Illustrator CC for Windows. The new version fixes critical vulnerabilities that may allow arbitrary code execution in the context of the current user.

Affected versions
Illustrator CC 2019 24.0 and earlier versions

More information in the correspondent bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Adobe Experience Manager (AEM). Updates fix multiple vulnerabilities. Successful exploitation could result in sensitive information disclosure.

Affected are versions 6.0, 6.1, 6.2, 6.3, 6.4 and 6.5

More information from the Adobe's security advisory.