Thursday, December 27, 2018

Microsoft Windows MsiAdvertiseProduct function vulnerability

A race condition vulnerability has been found in the Microsoft Windows MsiAdvertiseProduct function. By exploiting the vulnerability, an authenticated attacker can gain elevated privileges to read protected files. An exploit for this vulnerability is publicly available.

Currently there is no fix available for the vulnerability. More information in CERT/CC vulnerability note here.

Friday, December 21, 2018

Critical Vulnerability In Internet Explorer

A critical vulnerability has been found in Microsoft Internet Explorer. The vulnerability (CVE-2018-8653) is in Internet Explorer's JScript engine, and by exploiting it an attacker could execute arbitrary code in the context of the current user. In a web-based attack, for example, an attacker could host a specially crafted website designed to exploit the vulnerability and lure a user to view it (for example by sharing a link in an email message).

The vulnerability is being exploited in targeted attacks and it is recommended to apply the patch as soon as possible. More information (patch instructions included) can be read from the related advisory.

New Version Of Foxit Quick PDF Library Available

Foxit Software has released a new version of their Quick PDF Library. The new version contains fixes for security vulnerabilities and stability issues.

Affected versions:
Quick PDF Library 16.11 and earlier

More information can be read here.

Friday, December 14, 2018

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a bunch of vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting some of the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
versions earlier than 2019.010.20064

*Acrobat 2017 and Acrobat Reader 2017
versions earlier than 2017.011.30110

*Acrobat DC and Acrobat Reader DC, classic track
versions earlier than 2015.006.30461


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

Latest PHP Versions Available

The PHP development team has released versions 7.3.0, 7.2.13, 7.1.25, 7.0.33 and 5.6.39 of the PHP scripting language. Among other minor bugs, one security bug has been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.3.0
Version 7.2.13
Version 7.1.25
Version 7.0.33
Version 5.6.39

Wednesday, December 12, 2018

Symantec Intelligence Report: November 2018

Symantec have published their Intelligence report that sums up the latest threat trends for November 2018.

The report can be viewed here.

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 64 (advisory)
- Mozilla Firefox earlier than ESR 60.4 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Microsoft Security Updates For December 2018

Microsoft have released security updates for December 2018.

Summary of the updates (filter by inserting 11/13/2018 to the From field and 12/11/2018 to the To field) here.

Thursday, December 6, 2018

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix two security vulnerabilities that could lead to remote execution of arbitrary code (CVE-2018-15982) and privilege escalation (CVE-2018-15983) in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 31.0.0.153 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.101

- Users of Adobe Flash Player 31.0.0.153 and earlier versions for Macintosh should update to Adobe Flash Player 32.0.0.101

- Users of Adobe Flash Player 31.0.0.153 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.101

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Flash Player Installer 31.0.0.108 and earlier versions for Windows should be replaced with version 31.0.0.122




More information can be read from Adobe's security bulletin.

Google Chrome Updated To New Version

Google have released version 71.0.3578.80 of their Chrome web browser. The new version contains fixes for 43 security vulnerabilities. More information about the changes is in the Google Chrome Releases blog.

New Version Of iCloud For Windows Released

Apple have released version 7.9 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.9 can be read from related security advisory.
Users of old versions should update to the latest one available here.

iTunes 12.9.2 For Windows Released

Apple have released version 12.9.2 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.2 can be read from related security advisory.

Users of old versions should update to the latest one available.

Sunday, November 25, 2018

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix a security vulnerability (CVE-2018-15981) that could allow remote execution of arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 31.0.0.148 and earlier versions for Windows should update to Adobe Flash Player 31.0.0.153

- Users of Adobe Flash Player 31.0.0.148 and earlier versions for Macintosh should update to Adobe Flash Player 31.0.0.153

- Users of Adobe Flash Player 31.0.0.148 and earlier versions for Linux should update to Adobe Flash Player 31.0.0.153

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Friday, November 23, 2018

New Version Of Foxit 3D Plugin Available

Foxit Software has released a new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities.

Affected versions:
3D Plugin 9.3.0.10809 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

Google Chrome Updated

Google have released version 70.0.3538.110 of their Chrome web browser. The new version contains a fix for one security vulnerability (CVE-2018-17479). More information about the changes is in the Google Chrome Releases blog.

VMware Workstation And Fusion Updates Available

VMware has released security updates for an integer overflow vulnerability (CVE-2018-6983) in their virtualization applications. The vulnerability may allow a guest to execute arbitrary code on the host.

Affected versions:
- VMware Workstation Pro / Player 15.x versions earlier than 15.0.2
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.5
- VMware Fusion Pro / Fusion 11.x versions earlier than 11.0.2
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.5

Further information including updating instructions can be read from VMware's security advisory.

VMware vSphere Data Protection Updated

VMware has released a new version of vSphere Data Protection (VDP). The new version fixes multiple vulnerabilities (CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077), of which one is categorized as critical, two as important and one as moderate.

Affected versions:
VDP 6.1.x versions earlier than 6.1.10
VDP 6.0.x versions earlier than 6.0.9

More details in VMware security advisory

Saturday, November 17, 2018

Vulnerability In Adobe Photoshop

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a vulnerability categorized as important (CVE-2018-15980) that could lead to information disclosure.

Affected versions:
Adobe Photoshop CC 19.1.6 and earlier versions (Windows and macOS)

Solution:
Update to Adobe Photoshop CC 19.1.7 or 20.0 version

Instructions for updating are given in related security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix a vulnerability in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerability (CVE-2018-15979) could lead to an inadvertent leak of the user’s hashed NTLM password.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2019.008.20080 and earlier

*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30105 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30456 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about the fixed vulnerability can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix a security vulnerability (CVE-2018-15978) that could lead to information disclosure.

Affected versions:
- Users of Adobe Flash Player 31.0.0.122 and earlier versions for Windows should update to Adobe Flash Player 31.0.0.148

- Users of Adobe Flash Player 31.0.0.122 and earlier versions for Macintosh should update to Adobe Flash Player 31.0.0.148

- Users of Adobe Flash Player 31.0.0.122 and earlier versions for Linux should update to Adobe Flash Player 31.0.0.148

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For November 2018

Microsoft have released security updates for November 2018.

Summary of the updates (filter by inserting 10/10/2018 to the From field and 11/13/2018 to the To field) here.

Monday, November 12, 2018

Google Chrome Updated

Google have released version 70.0.3538.102 of their Chrome web browser. The new version contains fixes for three security vulnerabilities. More information about the changes is in the Google Chrome Releases blog.

Symantec Intelligence Report: October 2018

Symantec have published their Intelligence report that sums up the latest threat trends for October 2018.

The report can be viewed here.

VMware Updates Available

VMware has released security updates for two uninitialized stack memory usage vulnerabilities (CVE-2018-6981, CVE-2018-6982) in their virtualization applications. One of the vulnerabilities (CVE-2018-6981) may allow a guest to execute arbitrary code on the host.

Affected versions:
- VMware ESXi 6.7 without ESXi670-201811401-BG patch
- VMware ESXi 6.5 without ESXi650-201811301-BG patch
- VMware ESXi 6.0 without ESXi600-201811401-BG patch
- VMware Workstation Pro / Player 15.x versions earlier than 15.0.1
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.4
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.4

Further information including updating instructions can be read from VMware's security advisory.

Friday, November 2, 2018

Foxit PhantomPDF For Windows Update Available

Foxit Software has released version 8.3.8 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities, some of which, if exploited, may allow an attacker to execute arbitrary code on the target system.

Affected versions:
Foxit PhantomPDF 8.3.7.38093 and earlier (Windows)

More information can be read here.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 60.3

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

New Version Of iCloud For Windows Released

Apple have released version 7.8 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.8 can be read from related security advisory.
Users of old versions should update to the latest one available here.

iTunes 12.9.1 Released

Apple have released version 12.9.1 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.1 can be read from related security advisory.

Users of old versions should update to the latest one available.

Tuesday, October 30, 2018

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 63 (advisory)
- Mozilla Firefox earlier than ESR 60.3 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Sunday, October 21, 2018

Vulnerability In Yammer Fixed

Microsoft has released a new version of Yammer desktop application. New version fixes a remote code execution vulnerability (CVE-2018-8569). By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user.

More information in related security advisory.

New Drupal Version Available

New versions of the open-source content management framework Drupal have been released. The new versions fix multiple vulnerabilities.

Affected versions:
Drupal core 7.x versions prior to 7.60
Drupal core 8.6.x versions prior to 8.6.2
Drupal core 8.5.x versions prior to 8.5.8

More information in Drupal security advisory.

VMware Updates Available

VMware has released security updates to patch an out-of-bounds read vulnerability (CVE-2018-6974) in their virtualization applications. The vulnerability may allow a guest to execute arbitrary code on the host.

Affected versions:
- VMware ESXi 6.7 without ESXi670-201810101-SG patch
- VMware ESXi 6.5 without ESXi650-201808401-BG patch
- VMware ESXi 6.0 without ESXi600-201808401-BG patch
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.3
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.3

Further information including updating instructions can be read from VMware's security advisory.

Oracle Critical Patch Update For Q4 of 2018

Oracle have released updates for their products that fix 301 security issues (including 12 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in January 2019.

Thursday, October 18, 2018

Symantec Intelligence Report: September 2018

Symantec have published their Intelligence report that sums up the latest threat trends for September 2018.

The report can be viewed here.

Google Chrome Updated

Google have released version 70.0.3538.67 of their Chrome web browser. The new version contains fixes for 23 security vulnerabilities. More information about the changes is in the Google Chrome Releases blog.

Saturday, October 13, 2018

New Version Of iCloud For Windows Released

Apple have released version 7.7 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.7 can be read from related security advisory.
Users of old versions should update to the latest one available here.

Adobe Technical Communications Suite Updated

Adobe has released an updated version of their Technical Communications Suite. Successful exploitation of the vulnerability may lead to privilege escalation.

Affected are versions 1.0.5.1 and below.

More information is available in Adobe's security advisory.

Adobe Framemaker Updated

Adobe has released an updated version of their Framemaker. Successful exploitation of the vulnerability may lead to privilege escalation.

Affected are versions 1.0.5.1 and below.

More information is available in Adobe's security advisory.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix two vulnerabilities categorized as moderate and three categorized as important.

Affected are versions 6.0, 6.1, 6.2, 6.3 and 6.4

More information is available in Adobe's security advisory.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. Successful exploitation of the fixed vulnerabilities could lead to arbitrary code execution in the context of current user.

Affected versions are Adobe Digital Editions 4.5.8 and earlier versions on Windows, Macintosh and iOS. Users of affected versions should update their versions to the latest one (currently 4.5.9).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. This time the new versions don't contain security vulnerability fixes but fix feature and performance bugs.

Affected versions:
- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Windows should update to Adobe Flash Player 31.0.0.122

- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Macintosh should update to Adobe Flash Player 31.0.0.122

- Users of Adobe Flash Player 31.0.0.108 and earlier versions for Linux should update to Adobe Flash Player 31.0.0.122

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Latest PHP Versions Available

The PHP development team has released versions 7.2.11 and 7.1.23 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.11
Version 7.1.23

Denial-of-service Vulnerability In VMware Products

A denial-of-service (DoS) vulnerability has been found in the 3D-acceleration feature in VMware ESXi, Workstation and Fusion. It can be triggered by a 3D-rendering shader in which an infinite loop occurs.

The workaround is to turn the 3D-acceleration off in the affected programs. More details in related security advisory.

Thursday, October 11, 2018

Microsoft Security Updates For October 2018

Microsoft have released security updates for October 2018.

Summary of the updates (filter by inserting 9/12/2018 to the From field and 10/09/2018 to the To field) here.

Saturday, October 6, 2018

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 60.2.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 62.0.3 (advisory)
- Mozilla Firefox earlier than ESR 60.2.2 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to execute arbitrary code in the context of the current user in the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20063 and earlier

*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30102 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30452 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Wednesday, September 26, 2018

iTunes 12.9 Released

Apple have released version 12.9 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.9 can be read from related security advisory.

Users of old versions should update to the latest one available.

Monday, September 24, 2018

Vulnerability In Microsoft Windows JET Database Engine

A critical vulnerability has been found in the Microsoft Windows JET Database Engine. By exploiting the vulnerability, an attacker may execute arbitrary code on a vulnerable system in the context of the current process. User interaction is needed to exploit the vulnerability.

At the moment there is no patch available for the vulnerability. In the absence of a fix, special caution should be exercised: do not open suspicious files or files received from untrusted sources.

More information in Zero Day Initiative's blog post.

Mozilla Firefox Updated

Mozilla have released updated versions of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 62.0.2 (advisory)
- Mozilla Firefox earlier than ESR 60.2.1 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to execute arbitrary code in the context of the current user in the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20063 and earlier

*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30099 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30448 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Monday, September 17, 2018

Latest PHP Versions Available

The PHP development team has released versions 7.2.10, 7.1.22, 7.0.32 and 5.6.38 of the PHP scripting language. Among other minor bugs, one security bug has been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.10
Version 7.1.22
Version 7.0.32
Version 5.6.38

Wednesday, September 12, 2018

Symantec Intelligence Report: August 2018

Symantec have published their Intelligence report that sums up the latest threat trends for August 2018.

The report can be viewed here.

Google Chrome Updated

Google have released version 69.0.3497.92 of their Chrome web browser. The new version contains fixes for two security vulnerabilities. More information about the changes is in the Google Chrome Releases blog.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix a security vulnerability (CVE-2018-15967) that could lead to information disclosure.

Affected versions:
- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Windows should update to Adobe Flash Player 31.0.0.108

- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Macintosh should update to Adobe Flash Player 31.0.0.108

- Users of Adobe Flash Player 30.0.0.154 and earlier versions for Linux should update to Adobe Flash Player 31.0.0.108

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe ColdFusion Fix Available

Adobe have released updated versions of the ColdFusion web application development platform. These fixes resolve security vulnerabilities, some of which are critical. Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code on the affected system.

Affected versions:
- ColdFusion (2018 release): July 12 release (2018.0.0.310739)
- ColdFusion (2016 release): update 6 and earlier versions
- ColdFusion 11: update 14 and earlier versions

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For September 2018

Microsoft have released security updates for September 2018.

Summary of the updates (filter by inserting 8/15/2018 to the From field and 9/12/2018 to the To field) here.

Monday, September 10, 2018

Vulnerability In WordPress

An unpatched vulnerability (CVE-2018-1000773) has been found in WordPress. The vulnerability is due to insufficient sanitization of user-supplied input submitted to the affected software. The vulnerability may allow an attacker to execute arbitrary code on the target system. To exploit the vulnerability, the attacker must have user-level access to the target system.

Affected versions:
WordPress 4.9.8 and earlier versions


Cisco's multivendor vulnerability alert can be read here.

Thursday, September 6, 2018

AirWatch Agent and VMware Content Locker updated

Data protection vulnerabilities (CVE-2018-6975, CVE-2018-6976) have been found in AirWatch Agent and VMware Content Locker.

Affected versions:
- AirWatch Agent for iOS (A/W Agent) versions earlier than 5.8.1
- VMware Content Locker for iOS (A/W Locker) versions earlier than 4.14

More information in VMware advisory

Mozilla Firefox Updated

Mozilla have released updated versions of the Firefox browser to address security vulnerabilities, some of which are critical.

Affected products are:
- Mozilla Firefox earlier than 62 (advisory)
- Mozilla Firefox earlier than ESR 60.2 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Friday, August 31, 2018

Vulnerability In Microsoft Windows Task Scheduler

A vulnerability has been found in the Microsoft Windows task scheduler. The local privilege escalation vulnerability exists in the Advanced Local Procedure Call (ALPC) interface. By exploiting the vulnerability, a local user can obtain SYSTEM privileges on the affected system.

Currently there is no official patch available for the vulnerability. Acros Security has published an unofficial micropatch against the vulnerability for fully updated 64-bit Windows 10 version 1803 and fully updated 64-bit Windows Server 2016. It's always good to remember that if an unofficial patch or workaround is used, it should be considered only a temporary solution and removed when the official patch from Microsoft becomes available.

Creative Cloud Desktop Application Update

Adobe has released a security update to fix a vulnerability in their Creative Cloud Desktop Application. The vulnerability is an improper certificate validation vulnerability that could lead to privilege escalation (CVE-2018-12829).

Affected versions:
Creative Cloud Desktop Application 4.6.0 and earlier versions

More information can be read from Adobe's security bulletin.

Vulnerability In Drupal Fixed

A security vulnerability has been fixed in the open-source content management framework Drupal. The vulnerability is related to the Drupal Commerce module.

Affected:
8.x-2.x-dev

Solution:
Update to Commerce 8.x-2.9 version

More information in Drupal security advisory.

Saturday, August 25, 2018

Vulnerabilities Found In Adobe Photoshop

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve two critical memory corruption vulnerabilities (CVE-2018-12810 and CVE-2018-12811) that could lead to code execution in the context of the current user.

Affected versions:
Adobe Photoshop CC 2018 19.1.5 and earlier versions (Windows and macOS)
Adobe Photoshop CC 2017 18.1.5 and earlier versions (Windows and macOS)

Instructions for updating are given in related security bulletin.

Monday, August 20, 2018

Vulnerability In Oracle Database

Oracle have released a patch to fix a vulnerability (CVE-2018-3110) in their Oracle Database product. The vulnerability is in the Java VM component of Oracle Database Server. A remote authenticated attacker can exploit it to take complete control of the product and establish shell access to the underlying server.

Affected versions:
Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18

More information (including instructions for patching) in Oracle's security advisory.

Saturday, August 18, 2018

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to execute arbitrary code in the context of the current user in the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20055 and earlier

*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30096 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30434 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix three vulnerabilities categorized as moderate: CVE-2018-5005, CVE-2018-12806 and CVE-2018-12807.

Affected are versions 6.0, 6.1, 6.2, 6.3 and 6.4

More information is available in Adobe's security advisory.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix security vulnerabilities that could allow remote execution of arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 30.0.0.134 and earlier versions for Windows should update to Adobe Flash Player 30.0.0.154

- Users of Adobe Flash Player 30.0.0.134 and earlier versions for Macintosh should update to Adobe Flash Player 30.0.0.154

- Users of Adobe Flash Player 30.0.0.134 and earlier versions for Linux should update to Adobe Flash Player 30.0.0.154

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Creative Cloud Desktop Application Update

Adobe has released a security update to fix a vulnerability in their Creative Cloud Desktop Application (installer). The vulnerability is an insecure library loading vulnerability in the installer that could lead to privilege escalation (CVE-2018-5003).

Affected versions:
Creative Cloud Desktop Application (installer) 4.5.0.324 and earlier versions

More information can be read from Adobe's security bulletin.

Foxit PhantomPDF Fix Available

Foxit Software has released version 8.3.7 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit PhantomPDF 8.3.6.35572 and earlier (Windows)

More information can be read here.

VMware Workstation And Fusion Updates Available

VMware has released new versions of their Workstation and Fusion software. New versions fix an out-of-bounds write vulnerability (CVE-2018-6973).

Affected versions:
-VMware Workstation 14.x earlier than version 14.1.3 for Windows
-VMware Fusion 10.x earlier than version 10.1.3 for Windows

More information (including links to patches) in security advisory.

Microsoft Security Updates For August 2018

Microsoft have released security updates for August 2018.

Summary of the updates (filter by inserting 7/11/2018 to the From field and 8/18/2018 to the To field) here.

Symantec Intelligence Report: July 2018

Symantec have published their Intelligence report that sums up the latest threat trends for July 2018.

The report can be viewed here.

Google Chrome Updated

Google have released a version 68.0.3440.106 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Thursday, August 9, 2018

VMware Horizon Updates Available

VMware has released new versions of their Horizon and Horizon Client for Windows. New versions fix an out-of-bounds read vulnerability (CVE-2018-6970).

Affected versions:
-VMware Horizon 6 earlier than version 6.2.7 for Windows
-VMware Horizon 7 earlier than version 7.5.1 for Windows
-VMware Horizon Client earlier than version 4.8.1 for Windows

More information (including links to patches) in security advisory.

Saturday, August 4, 2018

New Drupal Version Available

A new version of the open-source content management framework Drupal has been released. The new version includes a fixed version of the Symfony library (details about the Symfony vulnerability here in Symfony blog).

Affected versions:
Drupal core 8.x versions prior to 8.5.6

More information in Drupal security advisory.

Vulnerability In Symfony PHP Library

A severe vulnerability has been found in the widely used Symfony PHP library. The vulnerability may lead to authentication bypass.

Affected versions:
2.7.x earlier than 2.7.49
2.8.x earlier than 2.8.44
3.3.x earlier than 3.3.18
3.4.x earlier than 3.4.14
4.0.x earlier than 4.0.14
4.1.x earlier than 4.1.3

Symfony 3.0, 3.1, and 3.2 are not maintained anymore and won't get a fix. Users of these versions should move to more recent versions.

More information in Symfony blog.



Wednesday, August 1, 2018

Google Chrome Updated

Google have released a version 68.0.3440.84 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Thursday, July 26, 2018

Google Chrome Updated

Google have released a version 68.0.3440.75 of their Chrome web browser. New version contains fixes to 42 security vulnerabilities. In addition to that Chrome will show "Not secure" warning on all HTTP pages. More information about changes in Google Chrome Releases blog.

VMware Updates Available

VMware has released security updates to patch multiple vulnerabilities in their virtualization applications.

Affected versions:
- VMware Horizon View Agent versions earlier than 7.5.1
- VMware vSphere Hypervisor (ESXi) 6.7 without ESXi670-201806401-BG patch
- VMware vSphere Hypervisor (ESXi) 6.5 without ESXi650-201806401-BG patch
- VMware vSphere Hypervisor (ESXi) 6.0 without ESXi600-201806401-BG patch
- VMware vSphere Hypervisor (ESXi) 5.5 without ESXi550-201806401-BG patch
- VMware Workstation Pro versions earlier than 14.1.2
- VMware Workstation Player versions earlier than 14.1.2
- VMware Fusion Pro / Fusion versions earlier than 10.1.2

Further information including updating instructions can be read from VMware's security advisory.

Tuesday, July 24, 2018

Latest PHP Versions Available

The PHP development team has released versions 7.2.8, 7.1.20, 7.0.31 and 5.6.37 of the PHP scripting language. Among other changes, several security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.8
Version 7.1.20
Version 7.0.31
Version 5.6.37

Saturday, July 21, 2018

New Version Of Foxit Reader And Foxit PhantomPDF Available

Foxit Software has released version 9.2 of their Foxit Reader and Foxit PhantomPDF software. The new versions contain fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit Reader 9.1.0.5096 and earlier (Windows)
Foxit PhantomPDF 9.1.0.5096 and earlier (Windows)

More information can be read here.

Oracle Critical Patch Update For Q3 of 2018

Oracle have released updates for their products that fix 334 security issues (including eight Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in October 2018.

Sunday, July 15, 2018

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix security vulnerabilities that could allow remote execution of arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 30.0.0.113 and earlier versions for Windows should update to Adobe Flash Player 30.0.0.134

- Users of Adobe Flash Player 30.0.0.113 and earlier versions for Macintosh should update to Adobe Flash Player 30.0.0.134

- Users of Adobe Flash Player 30.0.0.113 and earlier versions for Linux should update to Adobe Flash Player 30.0.0.134

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix three vulnerabilities categorized as important: CVE-2018-5004, CVE-2018-5006 and CVE-2018-12809.

Affected are versions 6.0, 6.1, 6.2, 6.3 and 6.4

More information from Adobe's security advisory.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves three security vulnerabilities.

Affected versions:
- Adobe Connect earlier than 9.8.1

More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to execute arbitrary code in the context of the current user in the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20040 and earlier

*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30080 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30418 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

New Version Of iCloud For Windows Released

Apple have released version 7.6 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.6 can be read from related security advisory.
Users of old versions should update to the latest one available here.

iTunes 12.8 Released

Apple have released version 12.8 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.8 can be read from related security advisory.
Users of old versions should update to the latest one available.

Microsoft Security Updates For July 2018

Microsoft have released security updates for July 2018.

Summary of the updates (filter by inserting 7/9/2018 to the From field and 7/15/2018 to the To field) here.

Friday, July 6, 2018

WordPress 4.9.7 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.9.7

More information can be read from the WordPress blog.

Thursday, July 5, 2018

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.9

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Monday, July 2, 2018

VMware Updates Available

VMware has released security updates to patch multiple vulnerabilities in their virtualization applications.

Affected versions:
- VMware ESXi 6.7 without ESXi670-201806401-BG patch
- VMware Workstation Pro versions earlier than 14.1.2
- VMware Workstation Player versions earlier than 14.1.2
- VMware Fusion Pro / Fusion versions earlier than 10.1.2

Further information including updating instructions can be read from VMware's security advisory.

Latest PHP Versions Available

The PHP development team has released versions 7.2.7 and 7.1.19 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.7
Version 7.1.19

Wednesday, June 27, 2018

Google Chrome Updated

Google have released a version 67.0.3396.99 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Monday, June 25, 2018

Symantec Intelligence Report: May 2018

Symantec have published their Intelligence report that sums up the latest threat trends for May 2018.

The report can be viewed here.

Thursday, June 14, 2018

Microsoft Security Updates For June 2018

Microsoft have released security updates for June 2018.

Summary of the updates (filter by inserting 5/9/2018 to the From field and 6/14/2018 to the To field) here.

Mozilla Firefox Updated

Mozilla have released updated version of Firefox browser to address a security vulnerability.

Affected products are:
- Mozilla Firefox earlier than 60.0.2
- Mozilla Firefox earlier than ESR 60.0.2
- Mozilla Firefox earlier than ESR 52.8.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Google Chrome Updated

Google have released a version 67.0.3396.87 of their Chrome web browser. New version contains fix to one security vulnerability (CVE-2018-6149). More information about changes in Google Chrome Releases blog.

Friday, June 8, 2018

Google Chrome Updated

Google have released a version 67.0.3396.79 of their Chrome web browser. New version contains fix to one security vulnerability (CVE-2018-6148). More information about changes in Google Chrome Releases blog.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix security vulnerabilities that could allow remote execution of arbitrary code in the context of the current user.

Affected versions:
- Users of Adobe Flash Player 29.0.0.171 and earlier versions for Windows should update to Adobe Flash Player 30.0.0.113

- Users of Adobe Flash Player 29.0.0.171 and earlier versions for Macintosh should update to Adobe Flash Player 30.0.0.113

- Users of Adobe Flash Player 29.0.0.171 and earlier versions for Linux should update to Adobe Flash Player 30.0.0.113

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Monday, June 4, 2018

Google Chrome Updated

Google have released a version 67.0.3396.62 of their Chrome web browser. New version contains fixes to 34 security vulnerabilities. More information about changes in Google Chrome Releases blog.

New Version Of iCloud For Windows Released

Apple have released version 7.5 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.5 can be read from related security advisory.
Users of old versions should update to the latest one available here.

iTunes 12.7.5 Released

Apple have released version 12.7.5 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.7.5 can be read from related security advisory.
Users of old versions should update to the latest one available.

Latest PHP Versions Available

The PHP development team has released versions 7.2.6 and 7.1.18 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.6
Version 7.1.18

Tuesday, May 22, 2018

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.8

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Symantec Intelligence Report: April 2018

Symantec have published their Intelligence report that sums up the latest threat trends for April 2018.

The report can be viewed here.

Friday, May 18, 2018

Google Chrome Updated

Google have released a version 66.0.3359.181 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Security Patch Available To Adobe Photoshop

Adobe have released new versions of Adobe Photoshop for Windows and Macintosh. These updates resolve a critical vulnerability (CVE-2018-4946) that could lead to code execution in the context of the current user.

Affected versions:
Adobe Photoshop CC 2018 19.1.3 and earlier versions (Windows and macOS)
Adobe Photoshop CC 2018 18.1.2 and earlier versions on Windows and 18.1.3 and earlier on macOS

Instructions for updating are given in related security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.011.20038 and earlier

*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30079 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30417 and earlier


Users of vulnerable versions are instructed to update their versions either by using automatic update functionality or by downloading fresh version manually. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Saturday, May 12, 2018

Google Chrome Updated

Google have released a version 66.0.3359.170 of their Chrome web browser. New version contains fixes to four security vulnerabilities. More information about changes in Google Chrome Releases blog.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves an authentication bypass vulnerability (CVE-2018-4994), which could be exploited to disclose sensitive information.

Affected versions:
- Adobe Connect earlier than 9.7.5

More information can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix security vulnerabilities that could allow remote execution of arbitrary code.

Affected versions:
- Users of Adobe Flash Player 29.0.0.140 and earlier versions for Windows should update to Adobe Flash Player 29.0.0.171

- Users of Adobe Flash Player 29.0.0.140 and earlier versions for Macintosh should update to Adobe Flash Player 29.0.0.171

- Users of Adobe Flash Player 29.0.0.140 and earlier versions for Linux should update to Adobe Flash Player 29.0.0.171

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Creative Cloud Desktop Application Update

Adobe have released a security update to fix two vulnerabilities in their Creative Cloud Desktop Application. The first vulnerability is related to the validation of certificates used by Creative Cloud desktop applications (CVE-2018-4991). The second vulnerability is related to the improper input validation (CVE-2018-4992).

Affected versions:
Creative Cloud 4.4.1.298 and earlier versions

More information can be read from Adobe's security bulletin.

Mozilla Firefox Updated

Mozilla have released updated version of Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.8 (advisory)
- Mozilla Firefox earlier than 60 (advisory)

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Foxit PhantomPDF Update Available

Foxit Software has released version 8.3.6 of their Foxit PhantomPDF software. The new version contains fixes for security vulnerabilities that if exploited may allow an attacker to execute arbitrary code in target system.

Affected versions:
Foxit PhantomPDF 8.3.5.30351 and earlier (Windows)

More information can be read here.

Microsoft Security Updates For May 2018

Microsoft have released security updates for May 2018.

Summary of the updates (filter by inserting 4/11/2018 to the From field and 5/12/2018 to the To field) here.

Monday, May 7, 2018

Windows Host Compute Service Shim Vulnerability

Microsoft has released an update to address a critical remote code execution vulnerability (CVE-2018-8115) in Windows Host Compute Service Shim (hcsshim) library. More information about the vulnerability and update can be viewed here.

Tuesday, May 1, 2018

Google Chrome Updated

Google have released a version 66.0.3359.139 of their Chrome web browser. New version contains fixes to three security vulnerabilities. More information about changes in Google Chrome Releases blog.

Latest PHP Versions Available

The PHP development team has released versions 7.2.5, 7.1.17, 7.0.30 and 5.6.36 of the PHP scripting language. Among other changes, several security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.5
Version 7.1.17
Version 7.0.30
Version 5.6.36

Friday, April 20, 2018

Google Chrome Updated

Google have released a version 66.0.3359.117 of their Chrome web browser. New version contains fixes to 62 security vulnerabilities. More information about changes in Google Chrome Releases blog.

Oracle Critical Patch Update For Q2 of 2018

Oracle have released updates for their products that fix 254 security issues (including 14 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in July 2018.

Friday, April 13, 2018

Symantec Intelligence Report: March 2018

Symantec have published their Intelligence report that sums up the latest threat trends for March 2018.

The report can be viewed here.

Fix For Adobe PhoneGap Push Plugin Available

Adobe have released updated version of their PhoneGap Push plugin. This update resolves a Same-Origin Method Execution (SOME) vulnerability (CVE-2018-4943) that exists in PhoneGap apps built with the affected version of the Push plugin. This vulnerability could be exploited to trick users of PhoneGap apps into executing click events and other unintended user interactions.

More information can be read from Adobe security bulletin here.

Adobe ColdFusion Fix Available

Adobe have released updated versions of ColdFusion web application development platform. These fixes resolve an important insecure library loading vulnerability (CVE-2018-4938), an important cross-site scripting vulnerability that could lead to code injection (CVE-2018-4940) and an important cross-site scripting vulnerability that could lead to information disclosure (CVE-2018-4941). These updates also include a mitigation for a critical unsafe Java deserialization vulnerability (CVE-2018-4939) and a mitigation for a critical unsafe XML parsing vulnerability (CVE-2018-4942).

Affected versions:
- ColdFusion (2016 release): update 5 and earlier versions
- ColdFusion 11: update 13 and earlier versions

More information can be read from Adobe's security bulletin.

New Version of Adobe Digital Editions Available

Adobe have released a new version of their ebook reader software Adobe Digital Editions. The new version fixes an out-of-bounds read vulnerability (CVE-2018-4925) rated Important, and a stack overflow vulnerability (CVE-2018-4926) caused by unsafe processing of specially crafted epub files.

Affected versions are Adobe Digital Editions 4.5.7 and earlier versions on Windows, Macintosh, iOS and Android. Users of affected versions should update their versions to the latest one (currently 4.5.8).

More information (including download instructions for new version) can be read from Adobe's security bulletin.

Adobe InDesign Update Available

Adobe have released updated versions of Adobe InDesign for Windows and Macintosh. The new update resolves a critical memory corruption vulnerability (CVE-2018-4928) that could be abused to execute code remotely. The vulnerability is caused by unsafe parsing of a malformed .inx file. The update also fixes an untrusted search path vulnerability (CVE-2018-4927) in the InDesign installer. This vulnerability is categorized as important.

Affected versions:
- Adobe InDesign earlier than 13.1

More information can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix three vulnerabilities: two categorized as important (CVE-2018-4930 and CVE-2018-4931) and one categorized as moderate (CVE-2018-4929).

Affected are versions 6.0, 6.1, 6.2 and 6.3

More information from Adobe's security advisory.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix security vulnerabilities that could allow remote execution of arbitrary code.

Affected versions:
- Users of Adobe Flash Player 29.0.0.113 and earlier versions for Windows should update to Adobe Flash Player 29.0.0.140

- Users of Adobe Flash Player 29.0.0.113 and earlier versions for Macintosh should update to Adobe Flash Player 29.0.0.140

- Users of Adobe Flash Player 29.0.0.113 and earlier versions for Linux should update to Adobe Flash Player 29.0.0.140

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2018

Microsoft have released security updates for April 2018.

Summary of the updates (filter by inserting 3/14/2018 to the From field and 4/13/2018 to the To field) here.

Friday, April 6, 2018

Latest PHP Versions Available

The PHP development team has released versions 7.2.4, 7.1.16, 7.0.29 and 5.6.35 of the PHP scripting language. Among other changes, one security bug has been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.4
Version 7.1.16
Version 7.0.29
Version 5.6.35

Microsoft Malware Protection Engine Vulnerability

The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. A vulnerability (CVE-2018-0986) has been found in it that may allow an attacker to execute arbitrary code in the security context of the LocalSystem account and take control of the system.

Affected are versions earlier than 1.1.14700.5.

With default settings the Malware Protection Engine should update itself automatically. Instructions for checking the version currently in use can be read here, under the "Verification of the update installation" section for the corresponding product.

More information can be read from the related advisory.

WordPress 4.9.5 Released

There has been released a new version of WordPress (blogging tool and content management system) which contains updates to security vulnerabilities. It's also recommended to check if there are any updates available for WordPress extensions in use. Also, it's recommended to disable those extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.9.5

More information can be read from the WordPress blog.

Monday, April 2, 2018

iTunes 12.7.4 Released

Apple have released version 12.7.4 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.7.4 can be read from related security advisory.
Users of old versions should update to the latest one available.

New Version Of iCloud For Windows Released

Apple have released version 7.4 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.4 can be read from related security advisory.
Users of old versions should update to the latest one available here.

Friday, March 30, 2018

Out-Of-Band Security Update for Windows 7 And Windows Server 2008 Available

Microsoft has released a new security update (KB4100480) for Windows 7 and Windows Server 2008 to address an elevation of privilege vulnerability (CVE-2018-1038). The update can be obtained from Windows Update or Windows Server Update Service, or downloaded from the Microsoft Update Catalog.

More information about the update (including methods to get it) here.

Thursday, March 29, 2018

Mozilla Firefox Updated

Mozilla have released updated versions of the Firefox browser to address one security vulnerability categorized as high.

Affected products are:
- Mozilla Firefox earlier than ESR 52.7.3
- Mozilla Firefox earlier than 59.0.2

Fresh version can be obtained via inbuilt updater or by downloading from the product site (the latest version):
Firefox

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.7

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Thursday, March 22, 2018

Google Chrome Updated

Google have released a version 65.0.3325.181 of their Chrome web browser. New version contains one security vulnerability fix. More information about changes in Google Chrome Releases blog.

Saturday, March 17, 2018

VMware Denial-of-Service Vulnerability

There has been found a denial-of-service vulnerability (CVE-2018-6957) in VMware virtualization applications. The vulnerability can be triggered by opening a large number of VNC sessions. This is only possible if VNC is manually enabled.

Affected versions:
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.1
- VMware Workstation Pro / Player 12.x versions, mitigation
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.1
- VMware Fusion Pro / Fusion 8.x versions, mitigation

Further information including updating instructions can be read from VMware's security advisory.

Mozilla Firefox Updated

Mozilla have released updated version of Firefox browser to address critical security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.7.2
- Mozilla Firefox earlier than 59.0.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

Google Chrome Updated

Google have released a version 65.0.3325.162 of their Chrome web browser. More information about changes in Google Chrome Releases blog.

Adobe Dreamweaver CC Updated

Adobe have released updated version of their Dreamweaver CC. This update resolves a critical OS command injection vulnerability in the Dreamweaver URI handler on Windows (CVE-2018-4924) that could result in arbitrary code execution in the context of the current user.

Affected versions:
- Adobe Dreamweaver CC earlier than 18.1

More information can be read from Adobe's security bulletin.

Adobe Connect Update Available

Adobe have released updated versions of Adobe Connect. This update resolves an unrestricted SWF file upload vulnerability (CVE-2018-4921), which could be exploited to conduct cross-site scripting attacks. This update also resolves an OS command injection vulnerability in the Adobe Connect URI handler on Windows (CVE-2018-4923) that could result in unintended arbitrary local file removal or forced uninstall of the application.

Affected versions:
- Adobe Connect earlier than 9.7.5

More information can be read from Adobe's security bulletin.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix two critical vulnerabilities (CVE-2018-4919 and CVE-2018-4920) that could allow remote execution of arbitrary code.

Affected versions:
- Users of Adobe Flash Player 28.0.0.161 and earlier versions for Windows should update to Adobe Flash Player 29.0.0.113

- Users of Adobe Flash Player 28.0.0.161 and earlier versions for Macintosh should update to Adobe Flash Player 29.0.0.113

- Users of Adobe Flash Player 28.0.0.161 and earlier versions for Linux should update to Adobe Flash Player 29.0.0.113

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Wednesday, March 14, 2018

Mozilla Firefox Updated

Mozilla have released an updated version of the Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than ESR 52.7 (advisory)
- Mozilla Firefox earlier than 59 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site:
Firefox

Microsoft Security Updates For March 2018

Microsoft have released security updates for March 2018.

A summary of the updates is available here (filter by entering 2/14/2018 in the From field and 3/14/2018 in the To field).

Sunday, March 11, 2018

Symantec Intelligence Report: February 2018

Symantec have published their Intelligence report that sums up the latest threat trends for February 2018.

The report can be viewed here.

Google Chrome Updated

Google have released version 65.0.3325.146 of their Chrome web browser. The new version contains fixes for 45 security vulnerabilities. More information about the changes is available in the Google Chrome Releases blog.

Tuesday, March 6, 2018

Research On Cryptominers

Prices of cryptocurrencies have been on the rise; in 2017, for example, Bitcoin broke records many times. Cybercriminals have noticed this too and have started to use malicious miners. They infect victims and mine coins using the victims' CPU or GPU power.

Kaspersky have published research on these cryptominers. It can be viewed here.

Friday, March 2, 2018

New PHP Versions Released

The PHP development team has released versions 7.2.3, 7.1.15, 7.0.28 and 5.6.34 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.3
Version 7.1.15
Version 7.0.28
Version 5.6.34

Friday, February 23, 2018

Google Chrome Updated

Google have released version 64.0.3282.186 of their Chrome web browser. More information about the changes is available in the Google Chrome Releases blog.

Friday, February 16, 2018

Microsoft Security Updates For February 2018

Microsoft have released security updates for February 2018.

A summary of the updates is available here (filter by entering 1/10/2018 in the From field and 2/16/2018 in the To field).

Google Chrome Updated

Google have released version 64.0.3282.167 of their Chrome web browser. The new version contains a fix for a security vulnerability. More information about the changes is available in the Google Chrome Releases blog.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
*Acrobat DC and Acrobat Reader DC, continuous track
version 2018.009.20050 and earlier

*Acrobat 2017 and Acrobat Reader 2017
version 2017.011.30070 and earlier

*Acrobat DC and Acrobat Reader DC, classic track
version 2015.006.30394 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe Experience Manager Updated

Adobe has released updated versions of their Experience Manager. The updates fix two vulnerabilities: one rated important (CVE-2018-4876) and one rated moderate (CVE-2018-4875).

Affected versions: 6.0, 6.1, 6.2 and 6.3

More information is available in Adobe's security advisory.

Monday, February 12, 2018

Symantec Intelligence Report: January 2018

Symantec have published their Intelligence report that sums up the latest threat trends for January 2018.

The report can be viewed here.

Wednesday, February 7, 2018

New PHP Versions Released

The PHP development team has released versions 7.2.2 and 7.1.14 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.2
Version 7.1.14

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix two critical vulnerabilities (CVE-2018-4877 and CVE-2018-4878) that could allow remote execution of arbitrary code.

Affected versions:
- Users of Adobe Flash Player 28.0.0.137 and earlier versions for Windows should update to Adobe Flash Player 28.0.0.161

- Users of Adobe Flash Player 28.0.0.137 and earlier versions for Macintosh should update to Adobe Flash Player 28.0.0.161

- Users of Adobe Flash Player 28.0.0.137 and earlier versions for Linux should update to Adobe Flash Player 28.0.0.161

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Monday, February 5, 2018

Google Chrome Updated

Google have released version 64.0.3282.140 of their Chrome web browser. The new version contains a fix for a security vulnerability. More information about the changes is available in the Google Chrome Releases blog.

Friday, February 2, 2018

Mozilla Firefox Updated

Mozilla have released updated versions of the Firefox browser to address a critical security vulnerability that can lead to execution of arbitrary code.

Affected products are:
- Mozilla Firefox earlier than 58.0.1 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site:
Firefox

Friday, January 26, 2018

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities. Some of the fixed vulnerabilities are categorized as critical.

Affected versions:
Mozilla Thunderbird versions earlier than 52.6

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

Google Chrome Updated

Google have released version 64.0.3282.119 of their Chrome web browser. The new version contains 53 security fixes. More information about the changes is available in the Google Chrome Releases blog.

iTunes 12.7.3 Released

Apple have released version 12.7.3 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.7.3 can be read in the related security advisory.

Users of old versions should update to the latest one available.

New Version Of iCloud For Windows Released

Apple have released version 7.3 of their iCloud client for Windows. The new version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.3 can be read in the related security advisory.

Users of old versions should update to the latest one available here.

Tuesday, January 23, 2018

Mozilla Firefox Updated

Mozilla have released updated versions of the Firefox browser to address security vulnerabilities.

Affected products are:
- Mozilla Firefox earlier than 58 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site:
Firefox

Friday, January 19, 2018

Oracle Critical Patch Update For Q1 of 2018

Oracle have released updates for their products that fix 238 security issues (including 21 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions is available in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in April 2018.

WordPress 4.9.2 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes for security vulnerabilities. It is also recommended to check whether updates are available for the WordPress extensions in use and to disable extensions that are not needed.

Affected versions:
WordPress versions earlier than 4.9.2

More information can be read from the WordPress blog.

Saturday, January 13, 2018

VMware Updates Available

VMware has released security updates to patch use-after-free and integer-overflow vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.1
- VMware Workstation Pro / Player 12.x versions earlier than 12.5.9
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.1
- VMware Fusion Pro / Fusion 8.x versions earlier than 8.5.10

Further information, including update instructions, is available in VMware's security advisory.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions fix an important out-of-bounds vulnerability that could lead to information exposure.

Affected versions:
- Users of Adobe Flash Player 28.0.0.126 and earlier versions for Windows should update to Adobe Flash Player 28.0.0.137

- Users of Adobe Flash Player 28.0.0.126 and earlier versions for Macintosh should update to Adobe Flash Player 28.0.0.137

- Users of Adobe Flash Player 28.0.0.126 and earlier versions for Linux should update to Adobe Flash Player 28.0.0.137

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Sunday, January 7, 2018

Symantec Intelligence Report: December 2017

Symantec have published their Intelligence report that sums up the latest threat trends for December 2017.

The report can be viewed here.

New PHP Versions Released

The PHP development team has released versions 7.2.1, 7.1.13, 7.0.27 and 5.6.33 of the PHP scripting language. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.2.1
Version 7.1.13
Version 7.0.27
Version 5.6.33

Google Chrome Updated

Google have released version 63.0.3239.132 of their Chrome web browser. More information about the changes is available in the Google Chrome Releases blog.

Mozilla Firefox Updated

Mozilla have released an updated version of the Firefox browser to address a security vulnerability.

Affected products are:
- Mozilla Firefox earlier than 57.0.4 (advisory)

A fresh version can be obtained via the built-in updater or by downloading it from the product site:
Firefox

Microsoft Security Updates For January 2018

Microsoft have released security updates for January 2018.

A summary of the updates is available here (filter by entering 12/15/2017 in the From field and 1/3/2018 in the To field).

Wednesday, January 3, 2018

Identify Malicious WiFi Networks With PiKarma Script

Security researcher Besim Altinok has created a Python script, PiKarma, that helps to identify WiFi networks that are carrying out KARMA (Karma Attacks Radioed Machines Automatically) attacks, a well-known form of WiFi man-in-the-middle attack.

"PiKarma allows users to test WiFi networks and determine if the WiFi network in a certain location is safe to use before carrying out any sensitive communications over them. If the script detects a KARMA attack, it logs details and then automatically sends a deauth request, disconnecting the user from the malicious network."

The only downside is that the user will need an extra WiFi card, which is needed to keep an eye on the main one.

Bleeping Computer's detailed article about PiKarma can be viewed here.