Hello everyone,
Vulnerabilities in third party apps are being exploited like never before. The bad guys have turned away from the Microsoft Operating System (patch Tuesday isn’t perfect but is good enough to force the many exploits in 3rd. party programs). The existence of these third party vendors (Adobe, Oracle, Apple, etc.) is not threatened, so they will never perfect a patching strategy the way Microsoft did. Heck, their so called “automatic updates” don’t even work!
So, get updated as soon as possible. Here are your April 2015 third party program patches:
Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation
APSB15-06
Adobe Flash Win/MAC
before 17.0.0.169 / ESR 13.0.0.281 Linux before 11.2.202.457
4/14/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
APSB15-07
Adobe ColdFusion
Version 11 before Update 5 Version 10 before update 6
4/14/2015
Cross Site Scripting
Important: Priority 2/ Upgrade within 30 days
APSB15-08
Adobe Flex
4.6 and earlier
4/14/2015
Cross Site Scripting
Important: Priority 3/ Update at the administrator’s discretion
8.0.5/7.1.5/6.2.5
Apple Safari
Before 8.0.5/7.1.5/6.2.5
4/8/2015
Arbitrary Code Execution, Denial of Service, Security Bypass, Information Disclosure
Update as soon as possible
42.0.2311.90
Google Chrome
Before 42.0.2311.90
4/14/2015
Denial of Service, Security bypass, Information Disclosure
Update at admin’s discretion.
37.0.2
Mozilla Firefox
Before 37.0.2
4/20/2015
Arbitrary Code Execution, Denial of Service, Security Bypass, Spoofing
Update as soon as possible
April
CPU Java
Java SE 5.0u81, Java SE 6u91, Java SE 7u76, Java SE 8u40
4/15/2015
Arbitrary Code Execution, Security Bypass
Update as soon as possible
Best wishes,
Randy The Tech Professor
9:06 pm on May 5th, 2015 1
[…] Third Party Program Updates For The Month Of April 2015 […]
7:12 pm on May 7th, 2015 2
More:
Adobe updates Shockwave Player to 12.1.8.158 (installers dated April 20). And yes, this is an NPAPI plugin.
https://www.adobe.com/shockwave/welcome/
Chrome went to 42.0.2311.135 on April 28.
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html
9:57 pm on May 7th, 2015 3
Thanks WL,
They come so fast and furious that you have to be a magician to keep up with them all!
Randy Knowles
4:06 am on May 15th, 2015 4
Firefox had a major update to 38.0 (May 12) and then a minor update to 38.0.1 (May 14).
https://www.mozilla.org/en-US/firefox/38.0.1/releasenotes/
https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
https://www.mozilla.org/en-US/firefox/releases/
11:07 am on May 17th, 2015 5
Thanks again WL,
Thanks for the latest update developments.
Vulnerabilities in third party apps are being exploited like never before. The bad guys have turned away from the Microsoft Operating System (Microsoft patch Tuesday isn’t perfect but it has been good enough to force the many exploits in 3rd. party programs). The existence of these third party vendors (Adobe, Oracle, Apple, Mozilla, etc.) is not threatened, so they will never perfect a patching strategy the way Microsoft did. Heck, many times their so called “automatic updates” don’t even work!
Randy Knowles
3:32 am on May 21st, 2015 6
Chrome released a major update to 43.0.2357.65 on May 19, with improvements and 37 security fixes:
http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html