Saturday, June 29, 2019

Vulnerability In Mozilla Firefox



Mozilla have released updated versions of their Firefox web browser. New versions fix a high categorized vulnerability.

Affected versions:
Mozilla Firefox 67.0.4
Mozilla Firefox ESR 60.7.2

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Updated

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities of which one critical and two high categorized.

Affected versions:
Mozilla Thunderbird versions earlier than 60.7.2

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Wednesday, June 19, 2019

Mozilla Firefox Vulnerability Fixed

Mozilla have released updated versions of their Firefox web browser. New versions fix a critical vulnerability. The vulnerability is used in target attacks in the wild so it's recommended to update the browser as soon as possible.

Affected versions:
Mozilla Firefox 67.0.3
Mozilla Firefox ESR 60.7.1

Fresh version can be obtained via inbuilt updater or by downloading (latest version) from the product site.

Mozilla Thunderbird Update Available

Mozilla have released an updated version of their Thunderbird email client containing fixes to security vulnerabilities of which four high and one low categorized.

Affected versions:
Mozilla Thunderbird versions earlier than 60.7.1

Fresh version can be obtained via inbuilt updater or by downloading from the product site.

Thursday, June 13, 2019

Symantec Intelligence Report: May 2019

Symantec have published their Intelligence report that sums up the latest threat trends for May 2019.

The report can be viewed here.

New Version Of VLC Player Available

VideoLAN project has released a new version of their VLC media player. Version 3.0.7 contains fixes to 33 vulnerabilities.

Affected are VLC Player versions prior 3.0.7. Owners of those versions should update to the latest version.

Adobe Flash Player Updated

Adobe have released updated versions of their Flash Player. The new versions contain a fix to critical vulnerability (CVE-2019-7845). By exploiting the vulnerability an attacker may be able to execute arbitrary code in the context of the current user. 

Affected versions:
- Users of Adobe Flash Player 32.0.0.192 and earlier versions for Windows should update to Adobe Flash Player 32.0.0.207

- Users of Adobe Flash Player 32.0.0.192 and earlier versions for macOS should update to Adobe Flash Player 32.0.0.207

- Users of Adobe Flash Player 32.0.0.192 and earlier versions for Linux should update to Adobe Flash Player 32.0.0.207

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.1 and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update


More information can be read from Adobe's security bulletin.

Vulnerabilities Fixed In Adobe Campaign

Adobe have released a new version of their Adobe Campaign. The new version fixes security vulnerabilities that may allow an attacker to execute arbitrary code in target system.

Affected versions are Adobe Campaign Classic 18.10.5-8984 and earlier versions on Windows and Linux. Users of affected versions should update their versions to the latest one (currently 19.1.1-9026).

More information (including download instructions for new version) can be read from Adobe security bulletin.

Adobe ColdFusion Fixed

Adobe have released updated versions of ColdFusion web application development platform. These fixes resolve three critical vulnerabilities (CVE-2019-7838, CVE-2019-7839, CVE-2019-7840) that may allow an attacker to execute arbitrary code in the affected system.

Affected versions:
- ColdFusion (2018 release): update 3 and earlier versions
- ColdFusion (2016 release): update 10 and earlier versions
- ColdFusion 11: update 18 and earlier versions

More information can be read from Adobe's security bulletin.

Microsoft Security Updates For June 2019

Microsoft have released security updates for June 2019.

Summary of the updates (filter by inserting 05/15/2019 to the From field and 06/13/2019 to the To field) here.

Friday, June 7, 2019

VMware Updates Available

VMware have released updated versions of their virtualization software to fix two security vulnerabilities. VMware Tools are affected by an out of bounds read vulnerability (CVE-2019-5522). A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

VMware Workstation Linux version has a use-after-free vulnerability (CVE-2019-5525). A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

Affected versions:
-VMware Tools 10.x Windows versions earlier than 10.3.10
-VMware Workstation 15.x Linux versions earlier than 15.1.0


More information with instructions for updating can be read from the correspondent VMware advisory.

New Google Chrome Version Released

Google have released a version 75.0.3770.80 of their Chrome web browser. Among new features the new version contains fixes to 42 security vulnerabilities.

More information about changes can be viewed in Google Chrome Releases blog.

Monday, June 3, 2019

New Version Of Foxit 3D Plugin Beta Available

Foxit Software has released new version of their 3D Plugin for Foxit Reader and Foxit PhantomPDF software. The new version contain fixes for security vulnerabilities.

Affected versions:
3D Plugin 9.5.0.20723 and earlier for Foxit Reader and Foxit PhantomPDF (Windows)

More information can be read here.

iCloud 7.12 For Windows Released

Apple have released version 7.12 of their iCloud client for Windows. New version fixes security vulnerabilities.

More information about the security content of iCloud for Windows 7.12 can be read from related security advisory.

Users of old versions should update to the latest one available here.

ITunes 12.9.5 For Windows Released

Apple have released version 12.9.5 of their iTunes media player. New version fixes security vulnerabilities.

More information about the security content of iTunes 12.9.5 can be read from related security advisory.

Users of old versions should update to the latest one available.

Saturday, June 1, 2019

Latest PHP Versions Available

PHP development team has released 7.3.6, 7.2.19 and 7.1.30 versions of the PHP scripting language Among other bugs some security bugs have been fixed. All PHP users are recommended to upgrade their versions to the latest release of the correspondent branch.

Changelogs:
Version 7.3.6
Version 7.2.19
Version 7.1.30