July, 2021: Patch Monday: Chrome Exploit in the Wild; Oracle Critical Quarterly Patch Updates

Welcome to this July Patch Monday Bulletin. This month there are updates from Adobe, Apple, Google, Mozilla and Oracle. Google Chrome fixed 8 vulnerabilities in the July 15th update and shipped 35 security fixes in a second July update on the 20th, many of them rated High. Give special attention to the July 15th update because it addresses CVE-2021-30563, for which an exploit exists in the wild. Chrome should auto-update to take care of this issue, but users will likely have to restart the browser for the fix to take effect. We will most likely address this in our Patch Tuesday newsletter as well, since Microsoft Edge (Chromium-based) ingests Chrome. Also of note is Oracle, which has released its Critical Patch Update Advisory for July. In the chart below we list only Java SE, but this July Oracle update contains 342 new security patches across 125 families of products. Adobe had a big month as well. We recommend you give attention to the Acrobat and Reader updates since they are not only Critical but also Priority 2. Firefox and Thunderbird were both updated, remediating several vulnerabilities. Update these applications after testing in your environment.


 

| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| Multiple CVEs | Adobe Acrobat and Reader | Continuous 2021.005.20054 and earlier; Classic 2020 2020.004.30005 and earlier; Classic 2017 2017.011.30197 and earlier | 07/13/2021 | Privilege Escalation, Arbitrary File System Read, Arbitrary File System Write, Arbitrary Code Execution, Memory Leak, Application DoS | Critical Priority 2: Update within 30 days |
| Multiple CVEs | Adobe After Effects | 18.2.1 and earlier | 07/20/2021 | Arbitrary Code Execution, Arbitrary File System Read | Critical Priority 3: Update at admin's discretion |
| CVE-2021-36003 | Adobe Audition | 14.2 and earlier | 07/20/2021 | Arbitrary Code Execution | Moderate Priority 3: Update at admin's discretion |
| Multiple CVEs | Adobe Bridge | 11.0.2 and earlier | 07/13/2021 | Arbitrary File System Read, Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| Multiple CVEs | Adobe Character Animator | 4.2 and earlier | 07/20/2021 | Arbitrary Code Execution, Privilege Escalation | Critical Priority 3: Update at admin's discretion |
| CVE-2021-28595 | Adobe Dimension | 3.4 and earlier | 07/13/2021 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| CVE-2021-28596 | Adobe Framemaker | 2019 Update 8 and earlier; 2020 Release Update 1 and earlier | 07/13/2021 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| Multiple CVEs | Adobe Illustrator | 25.2.3 and earlier | 07/13/2021 | Arbitrary File System Read, Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| Multiple CVEs | Adobe Media Encoder | 15.2 and earlier | 07/20/2021 | Arbitrary File System Read, Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| Multiple CVEs | Adobe Photoshop | 2020 21.2.9 and earlier; 2021 22.4.2 and earlier | 07/20/2021 | Arbitrary File System Read, Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| Multiple CVEs | Adobe Prelude | 10.0 and earlier | 07/20/2021 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| CVE-2021-35997 | Adobe Premiere Pro | 15.2 and earlier | 07/20/2021 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| Multiple CVEs | Apple macOS Catalina | Security Update 2021-004 | 07/21/2021 | Arbitrary Code Execution, Double Free, Information Disclosure, Integer Overflow, Out of Bounds Read, Out of Bounds Write | Update after testing |
| Multiple CVEs | Apple macOS Mojave | Security Update 2021-005 | 07/21/2021 | Arbitrary Code Execution, Double Free, Information Disclosure, Integer Overflow, Out of Bounds Read, Out of Bounds Write | Update after testing |
| Multiple CVEs | Google Chrome | Before 92.0.4515.107 | 07/20/2021 | Use After Free, Out of Bounds Write, Type Confusion, Heap Buffer Overflow | Update as soon as possible |
| Multiple CVEs | Mozilla Firefox | Before 90 / ESR 78.12 | 07/13/2021 | Use After Free, Out of Bounds Write, Arbitrary Code Execution | High Impact - Update after testing |
| Multiple CVEs | Mozilla Thunderbird | Before 78.12 | 07/13/2021 | Use After Free, Out of Bounds Write, Arbitrary Code Execution | High Impact - Update after testing |
| Multiple CVEs | Oracle Java SE | 7u301, 8u291, 11.0.11, 16.0.1 | 07/20/2021 | Denial of Service, Buffer Overflow, Out of Bounds Write, Unauthorized Update, Bypass IP ACL | Update as soon as possible after testing |