Friday, April 12, 2019

Symantec Intelligence Report: March 2019

Symantec have published their Intelligence report that sums up the latest threat trends for March 2019.

The report can be viewed here.

New Adobe Bridge CC Version Available

Adobe has released version 9.0.3 of their Bridge CC. The update fixes five vulnerabilities, of which two are rated critical and three important.

Affected are versions 9.0.2 and earlier.

More information can be read from Adobe's security advisory.

Adobe Experience Manager Forms Updated

Adobe has released updated versions of their Experience Manager Forms. The updates fix one vulnerability rated important (CVE-2019-7129) that could result in sensitive information disclosure.

Affected are versions 6.2, 6.3 and 6.4.

More information can be read from Adobe's security advisory.

Adobe InDesign Update Available

Adobe have released an updated version of Adobe InDesign. The new update resolves a critical vulnerability (CVE-2019-7107) that could be abused to execute code remotely. The vulnerability is caused by unsafe hyperlink processing.

Affected versions:
- Adobe InDesign earlier than 14.0.2

More information can be read from Adobe's security bulletin.

Adobe XD Updated

Adobe has released a new version (17.0.12) of their Adobe XD software. The updated version contains fixes for two arbitrary code execution vulnerabilities (CVE-2019-7105, CVE-2019-7106).

Affected are 16.0 and earlier versions.

More information can be read from the security bulletin.

Foxit Studio Photo Updated

Foxit has released a new version of their Studio Photo application. Among other fixes, the updated version patches multiple information disclosure vulnerabilities.

Affected versions:
- 3.6.6.779 and earlier

More information can be read here. The latest version is downloadable here.

Adobe Dreamweaver Updated

Adobe have released an updated version of their Dreamweaver. This update resolves a vulnerability rated moderate that is related to the use of the Server Message Block (SMB) protocol when handling UNC paths in Dreamweaver.

Affected versions:
- Adobe Dreamweaver earlier than 19.1

More information can be read from Adobe's security bulletin.

Shockwave Player Updated

Adobe have released an updated version of their Shockwave Player. The new version fixes multiple security vulnerabilities rated critical that could potentially lead to arbitrary code execution in the context of the current user.

Users of Adobe Shockwave Player 12.3.4.204 and earlier should update to Adobe Shockwave Player 12.3.5.205.

More about fixed vulnerabilities and other information can be read from Adobe's security bulletin.

Microsoft Security Updates For April 2019

Microsoft have released security updates for April 2019.

A summary of the updates (filter by entering 03/13/2019 in the From field and 04/12/2019 in the To field) is available here.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain two security vulnerability fixes. One of the vulnerabilities is an arbitrary code execution vulnerability (CVE-2019-7096) and the other an information disclosure vulnerability (CVE-2019-7108).

Affected versions:
- Users of Adobe Flash Player 32.0.0.156 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.171

- Users of Adobe Flash Player 32.0.0.156 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.171

- Users of Adobe Flash Player 32.0.0.156 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.171

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. Exploiting some of the vulnerabilities could lead to arbitrary code execution in the context of the current user.

Affected versions:
- Acrobat DC and Acrobat Reader DC, continuous track: versions earlier than 2019.010.20099
- Acrobat 2017 and Acrobat Reader DC 2017, 2017 classic track: versions earlier than 2017.011.30138
- Acrobat DC and Acrobat Reader DC, 2015 classic track: versions earlier than 2015.006.30493

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Adobe Acrobat

More information about the fixed vulnerabilities can be read from Adobe's security bulletin.

Latest PHP Versions Available

The PHP development team has released versions 7.3.4, 7.2.17 and 7.1.28 of the PHP scripting language. Among other bugs, some security bugs have been fixed. All PHP users are recommended to upgrade to the latest release of the corresponding branch.

Changelogs:
Version 7.3.4
Version 7.2.17
Version 7.1.28

Wednesday, April 3, 2019

VMware Updates Available

VMware has released security updates for vulnerabilities in their virtualization applications.

Affected versions:
- VMware ESXi 6.7 without ESXi670-201903001 patch
- VMware ESXi 6.5 without ESXi650-201903001 patch
- VMware ESXi 6.0 without ESXi600-201903001 patch
- VMware Workstation Pro / Player 15.x versions earlier than 15.0.4
- VMware Workstation Pro / Player 14.x versions earlier than 14.1.7
- VMware Fusion Pro / Fusion 11.x versions earlier than 11.0.3
- VMware Fusion Pro / Fusion 10.x versions earlier than 10.1.6

Further information including updating instructions can be read from VMware's security advisory.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities.

Affected versions:
- Mozilla Thunderbird versions earlier than 60.6.1

A fresh version can be obtained via the built-in updater or by downloading it from the product site.

New Version Of iCloud For Windows Released

Apple have released version 7.11 of their iCloud client for Windows. The new version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.11 can be read from the related security advisory.

Users of old versions should update to the latest one available here.

iTunes 12.9.4 For Windows Released

Apple have released version 12.9.4 of their iTunes media player. The new version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.4 can be read from the related security advisory.

Users of old versions should update to the latest one available.