Hello everyone,
I’m a bit late on this, but here they are: The Third Party Updates For The Month Of July 2015. Get updated as soon as possible!
Key: Identifier, Vendor/Product, Product Version Affected, Date Released by Vendor, Vulnerability Info, Vendor, Severity/Recommendation
APSB15-18
Adobe Flash
Win/Mac 18.0.0.203 and earlier
Win/Mac ESR 13.0.0.302 and earlier
Linux 18.0.0.204 and earlier
7/14/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
APSB15-17
Adobe Shockwave
Win/Mac 12.1.8.158 and earlier
7/14/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
APSB15-15
Adobe Acrobat/Reader
Win/Mac11.0.11 and earlier, 10.1.14 and earlier
7/8/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
APSB15-15
Adobe Acrobat/Reader DC
Win/Mac Continuous 2015.007.20033
Classic 2015.006.30033
7/8/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
7.7.7
Apple Quicktime
Before 7.7.7
6/30/2015
Arbitrary Code Execution, Denial of Service
Update as soon as possible
12.2
iTunes
Before 12.2
6/30/2015
Arbitrary Code Execution, Denial of Service
Update as soon as possible
8.0.7/7.1.7/6.2.7
Safari
Before 8.0.7/7.1.7/6.2.7
6/30/2015
Arbitrary Code Execution, Denial of Service, Cross Site Scripting, Security Bypass,
Update as soon as possible
44.0.2403.107
Google Chrome
Before 44.0.2403.89
7/24/2015
Arbitrary Code Execution, Cross Site Scripting, Denial of Service, Security Bypass, Spoofing,
Update as soon as possible
39/ESR 38.1
Mozilla Firefox
Before 39/ESR 38.1
7/2/2015
Arbitrary Code Execution, Denial of Service, Information Disclosure, Security Bypass, Spoofing
Update as soon as possible
38.1
Mozilla Thunderbird
Before 38.1
7/2/2015
Arbitrary Code Execution, Denial of Service, Security Bypass
Update as soon as possible
July CPU
Java
Before 6u95, 7u80, 8u45
7/17/2015
Arbitrary Code Execution
Update as soon as possible
Best wishes,
Randy Knowles
7:31 pm on August 24th, 2015 1
Many third party updates are released around this time, after Microsoft’s Black Tuesday (second Tuesday of the month). So add these to the August updates:
1) Java JRE Version 8 Update 60 (8u60) (1.8.0_60-b27) was released on August 18.
http://www.java.com/en/download/installed8.jsp?detect=jre
http://www.java.com/en/download/manual.jsp
http://www.oracle.com/technetwork/java/javase/8u60-relnotes-2620227.html
2) Adobe Flash Player had an update, to 18.0.0.232 (for most browsers) on around August 7.
http://www.adobe.com/software/flash/about/
https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
(posted August 11, last updated August 20)
3) Adobe Shockwave Player had an update to 12.1.9.160 (sic; this breaks Adobe’s usual incrementing in both the third & fourth quartets, i.e. version should be 12.1.10.160 to follow 12.1.9.159 and 12.1.8.158) on around July 23.
https://www.adobe.com/shockwave/welcome/
https://get.adobe.com/shockwave/
4) Mozilla Firefox had a major update to 40.0 on August 11 and a minor update to 40.0.2 on August 13.
https://www.mozilla.org/en-US/firefox/40.0/releasenotes/
https://www.mozilla.org/en-US/firefox/40.0.2/releasenotes/
https://www.mozilla.org/en-US/firefox/releases/
5) Google Chrome had an update to 44.0.2403.157 on August 20.
http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_20.html
Note: Chrome has been updated more frequently in the last two months, as often as twice in a week, on average once a week.
Some users (e.g. Windows 7) have trouble getting the latest updates automatically – see the comments in the blogs for users’ tips to manually update at:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Also, there seems to be more complaints than usual about recent Chrome updates breaking features for users. Again, see the blogs in the above link for details from users’ comments.
6) Opera had an update to 31.0.1889.174 on August 18.
http://blogs.opera.com/desktop/2015/08/opera-31-0-1889-174-stable-update/
http://blogs.opera.com/desktop/changelog-for-31/#b1889.174
http://www.opera.com/docs/changelogs/