Webinar Library
Welcome to this July Patch Monday Bulletin. This month there are updates from Adobe, Apple, Google, Mozilla and Oracle. Google Chrome updated 8 vulnerabilities in the July 15th update and 35 security fixes in a second July update on the 20th, many of these being rated High. You should give special attention to July 15th update because it addresses CVE-2021-30563 which has an exploit that exists in the wild. Chrome should auto update to take care of this issue, but users will likely have to restart the browser. We will most likely be addressing this in our Patch Tuesday newsletter as well since Microsoft Edge (Chromium-based) ingests Chrome. Also of note is Oracle, which has released its Critical Patch Update Advisory for July. In the chart below we list only Jave SE but this July Oracle Update contains 342 new security patches across 125 families of products. Adobe had a big month as well. We recommend you give attention to the Acrobat and Reader updates since they are not only Critical but also Priority 2. Firefox and Thunderbird were both updated remediating several updates. Update these applications after testing in your environment.
Identifier Vendor/Product Product Version Affected Date Released by Vendor Vulnerability Info Vendor Severity / Our Recommendation Multiple CVE's Adobe Acrobat and Reader Continuous 2021.005.20054 and earlier Classic 2020 2020.004.30005 and earlier Classic 2017 2017.011.30197 and earlier 07/13/2021 Privilege Escalation Arbitrary File System Read Arbitrary File System Write Arbitrary Code Execution Memory Leak Application DoS Critical Priority 2: Update within 30 days Multiple CVE's Adobe After Effects 18.2.1 and earlier 07/20/2021 Arbitrary Code Execution Arbitrary File System Read Critical Priority 3: Update at admin's discretion CVE-2021-36003 Adobe Audition 14.2 and earlier 07/20/2021 Arbitrary Code Execution Moderate Priority 3: Update at admin's discretion Multiple CVE's Adobe Bridge 11.0.2 and earlier 07/13/2021 Arbitrary File System Read Arbitrary Code Execution Critical Priority 3: Update at admin's discretion Multiple CVE's Adobe Character Animator 4.2 and earlier 07/20/2021 Arbitrary Code Execution, Privilege Escalation Critical Priority 3: Update at admin's discretion CVE-2021-28595 Adobe Dimension 3.4 and earlier 07/13/2021 Arbitrary Code Execution Critical Priority 3: Update at admin's discretion CVE-2021-28596 Adobe Framemaker 2019 Update 8 and earlier 2020 Release Update 1 and earlier 07/13/2021 Arbitrary Code Execution Critical Priority 3: Update at admin's discretion Multiple CVE's Adobe Illustrator 25.2.3 and earlier 07/13/2021 Arbitrary File System Read Arbitrary Code Execution Critical Priority 3: Update at admin's discretion Multiple CVE's Adobe Media Encoder 15.2 and earlier 07/20/2021 Arbitrary File System Read Arbitrary Code Execution Critical Priority 3: Update at admin's discretion Multiple CVE's Adobe Photoshop 2020 21.2.9 and earlier 2021 22.4.2 and earlier 07/20/2021 Arbitrary File System Read Arbitrary Code Execution Critical Priority 3: Update at admin's discretion Multiple CVE's Adobe Prelude 10.0 and earlier 07/20/2021 Arbitrary Code Execution Critical Priority 3: Update at admin's discretion CVE-2021-35997 Adobe Premiere Pro 15.2 and earlier 07/20/2021 Arbitrary Code Execution Critical Priority 3: Update at admin's discretion Multiple CVE's Apple macOS Catalina Security Update 2021-004 07/21/2021 Arbitrary Code Execution, Double Free, Information Disclosure, Integer Overflow, Out of Bounds Read, Out of Bounds Write Update after testing Multiple CVE's Apple macOS Mojave Security Update 2021-005 07/21/2021 Arbitrary Code Execution, Double Free, Information Disclosure, Integer Overflow, Out of Bounds Read, Out of Bounds Write Update after testing Multiple CVE's Google Chrome Before 92.0.4515.107 07/20/2021 Use After Free, Out of Bounds Write, Type Confusion, Heap Buffer Overflow Update as soon as possible Multiple CVE's Mozilla Firefox Before 90 / ESR 78.12 07/13/2021 Use After Free, Out of Bounds Write, Arbitrary Code Execution High Impact - Update after testing Multiple CVE's Mozilla Thunderbird Before 78.12 07/13/2021 Use After Free, Out of Bounds Write, Arbitrary Code Execution High Impact - Update after testing Multiple CVE's Oracle Java SE 7u301, 8u291, 11.0.11, 16.0.1 07/20/2021 Denial of Service, Buffer Overflow, Out of Bounds Write, Unauthorized Update, Bypass IP ACL Update as soon as possible after testing
Identifier
Vendor/Product
Product Version Affected
Date Released by Vendor
Vulnerability Info
Vendor Severity / Our Recommendation
Multiple CVE's
Adobe Acrobat and Reader
Continuous 2021.005.20054 and earlier
Classic 2020 2020.004.30005 and earlier
Classic 2017 2017.011.30197 and earlier
07/13/2021
Privilege Escalation
Arbitrary File System Read
Arbitrary File System Write
Arbitrary Code Execution
Memory Leak
Application DoS
Critical Priority 2: Update within 30 days
Adobe After Effects
18.2.1 and earlier
07/20/2021
Critical Priority 3: Update at admin's discretion
CVE-2021-36003
Adobe Audition
14.2 and earlier
Moderate Priority 3: Update at admin's discretion
Adobe Bridge
11.0.2 and earlier
Adobe Character Animator
4.2 and earlier
Arbitrary Code Execution, Privilege Escalation
CVE-2021-28595
Adobe Dimension
3.4 and earlier
CVE-2021-28596
Adobe Framemaker
2019 Update 8 and earlier
2020 Release Update 1 and earlier
Adobe Illustrator
25.2.3 and earlier
Adobe Media Encoder
15.2 and earlier
Adobe Photoshop
2020 21.2.9 and earlier
2021 22.4.2 and earlier
Adobe Prelude
10.0 and earlier
CVE-2021-35997
Adobe Premiere Pro
Apple macOS Catalina
Security Update 2021-004
07/21/2021
Arbitrary Code Execution, Double Free, Information Disclosure, Integer Overflow, Out of Bounds Read, Out of Bounds Write
Update after testing
Apple macOS Mojave
Security Update 2021-005
Google Chrome
Before 92.0.4515.107
Use After Free, Out of Bounds Write, Type Confusion, Heap Buffer Overflow
Update as soon as possible
Mozilla Firefox
Before 90 / ESR 78.12
Use After Free, Out of Bounds Write, Arbitrary Code Execution
High Impact - Update after testing
Mozilla Thunderbird
Before 78.12
Oracle Java SE
7u301, 8u291, 11.0.11, 16.0.1
Denial of Service, Buffer Overflow, Out of Bounds Write, Unauthorized Update, Bypass IP ACL
Update as soon as possible after testing