August, 2015: Patch Monday: Flash, Safari, Quicktime, and Firefox

Welcome to this August Patch Monday Bulletin. We have fewer patch releases this month but they all have potential arbitrary code execution vulnerabilities present. Get started by applying the Adobe Flash patch for APSB15-19. At this point there does not seem to be active attacks against any of the 34 vulnerabilities that are being remediated but this should be a good start due to the active attacks against prior recent vulnerabilities. If Safari or Firefox are used then follow up with those since the browser is one of the top methods of infection within the enterprise. Quicktime also resolved several vulnerabilities this month so finish with this patch If Quicktime is found in your environment.

When it comes to endpoint security, the best first line of defense is patch management. Take the first step to quantifying your IT risk and enhancing your endpoint security posture with the Lumension® Patch Scanner you can:

  • Scan for OS and 3rd party application patches
  • Prioritize remediation to improve security stance
  • Gain visibility into apps being used in your environment
  • Generate web-based reports

Click here assess your vulnerabilities now

So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.

Patch data provided by:


https://www.ultimatewindowssecurity.com/images/Lumension-Logo-HEAT-Tagline.png

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

APSB15-19

Adobe Flash

Win/Mac 18.0.0.209

and earlier

ES 13.0.0.309

and earlier

Linux

11.2.202.491

and earlier

8/11/2015

Arbitrary Code Execution

Critical: Priority 1/ Upgrade within 72 hours

APSB15-19

Adobe Air

Win/Mac

18.0.0.180

8/11/2015

Arbitrary Code Execution

Critical: Priority 3/ Update at admin’s discretion

7.7.8

QuickTime

Before 7.7.8

8/20/2015

Arbitrary Code Execution, Denial of Service

Update as soon as possible

8.0.8/7.1.8/

6.2.8

Apple Safari

Before 8.08/7.1.8/6.2.8

8/13/2015

Arbitrary Code Execution, Denial of Service, Spoofing, Security Bypass, Information Disclosure

Update as soon as possible

40/ESR38.2

Mozilla Firefox

Before 40/ESR38.2

8/11/2015

Arbitrary Code Execution, Denial of Service, Privilege Escalation, Security Bypass

Update as soon as possible


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.