Hello everyone,
Patch time again everybody! As always Adobe Flash and Adobe Air have many vulnerabilities that could open you up to arbitrary code execution. The updated Google Chrome browser includes an updated version of Flash. Adobe has also patched Photoshop and Bridge this month, which should protect you from possible arbitrary code execution. Below are your June 2015 third party patches. Get updated as soon as possible.
Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation
APSB15-11
Adobe Flash
Win/Mac 17.0.0.188 and earlier, Win/Mac ESR 13.0.0.289 and earlier, Linux 11.2.202.460 and earlier
6/9/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
APSB15-11
Adobe Air
Win/Mac 17.0.0.172 and earlier
6/9/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at admin’s discretion
APSB15-12
Adobe Photoshop
Win/Mac Before 16.0 (2015.0.0)
6/16/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at admin’s discretion
APSB15-13
Adobe Bridge
Win/Mac Before 6.11
6/16/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at admin’s discretion
43.0.2357.124
Google Chrome
Win/Mac Before 43.0.2357.124, Linux 43.0.2357.125
6/11/2015
Arbitrary Code Execution (Updated Flash)
Update as soon as possible
Best wishes,
Randy Knowles
5:06 pm on July 16th, 2015 1
No rest for the weary.
1) Java JRE Version 8 Update 51 (8u51) was released on July 14.
http://java.com/en/download/installed8.jsp?detect=jre
http://java.com/en/download/manual.jsp
http://www.oracle.com/technetwork/java/javase/8u51-relnotes-2587590.html
2) Adobe Shockwave Player has an update to 12.1.9.159 on around June 29.
https://www.adobe.com/shockwave/welcome/
https://get.adobe.com/shockwave/
3) Adobe Flash Player has another update, to 18.0.0.209 (for most browsers) on around July 12, on top of the recent update to 18.0.0.203 (for most browsers) on around July 4.
http://www.adobe.com/software/flash/about/
https://helpx.adobe.com/au/security.html
(posted June 23)
https://helpx.adobe.com/au/security/products/flash-player/apsb15-14.html
(posted June 9)
https://helpx.adobe.com/au/security/products/flash-player/apsb15-11.html
4) Mozilla Firefox had a major update to 39.0 on July 2.
https://www.mozilla.org/en-US/firefox/39.0/releasenotes/
https://www.mozilla.org/en-US/firefox/releases/
5) Google Chrome had an update to 43.0.2357.134 on July 14, which updates its internal (Pepper PPAPI) Flash Player to 18.0.0.209, among other changes.
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_14.html
6) Opera had an update to 30.0.1835.125 on July 14.
http://blogs.opera.com/desktop/2015/07/opera-30-0-1835-125-stable-update/
http://blogs.opera.com/desktop/changelog-30/#b1835.125
http://www.opera.com/docs/changelogs/
7) Also, go to weakdh.org to check if your browser is vulnerable to the Logjam Attack.
It says my Firefox 39.0 and Opera 30.0.1835.125 are safe, but my Chrome 43.0.2357.134 is not:
“Warning! Your web browser is vulnerable to Logjam and can be tricked into using weak encryption. You should update your browser.”
This is already the latest Chrome version, so I will have to investigate further. If anyone knows how to harden it, please post instructions.
7:17 pm on July 21st, 2015 2
1) Just a week after its last (minor) update, Google released a major (v44) Chrome update to 44.0.2403.89 on July 22. It has many changes: fixes and new features (“A number of new apps/extension APIs”).
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
2) Reminder: the next major update, v45 in September, will discontinue support for NPAPI plugins.
https://randythetechprofessor.com/third-party-program-updates-for-the-month-of-march-2015#comment-24062
11:28 am on July 22nd, 2015 3
Thanks WL,
You are “the man”. All of these third party updates are a pain in the behind. Thanks for helping us keep up with them.
Randy Knowles