Welcome to this May Patch Monday Bulletin. We have our fair share of 3rd-party patches to address this past month. Let's start with some high-priority patches.

Oracle normally releases its security updates quarterly. On May 19th they released a "Security Alert Advisory" for CVE-2022-21500. Normally we report on Oracle's end-user products, such as Java, but since Oracle "strongly recommends that customers apply the updates" as soon as possible, we wanted to include it this month. Although its CVSS score is only 7.5, it is remotely exploitable without authentication, so we thought you should be made aware of it.

Next is a critical update released by Mozilla after their normal mid-month patches on May 3rd. On May 20th they released a critical update for Firefox, Firefox ESR, Firefox for Android and Thunderbird. The update addresses two critical CVEs: CVE-2022-1802 and CVE-2022-1529. It updates the software to the following versions: Firefox 100.0.2, Firefox for Android 100.0.3, Firefox ESR 91.9.1 and Thunderbird 91.9.1.

Apple has also released updates for macOS Monterey, Big Sur and Catalina. Google has had a few updates over the past month for Chrome addressing 42 security fixes, 14 of which are rated "High" by Google.

We recommend you review the chart below to determine if your environment contains any of the affected 3rd-party products from this month.
| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-28819 | Adobe Character Animator | 2021 4.4.2 and earlier; 2022 22.3 and earlier | 5/10/2022 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| CVE-2022-28818 | Adobe Cold Fusion | 2018 Update 13 and earlier; 2021 Version 3 and earlier | | | Important Priority 2: Update at admin's discretion |
| Multiple CVEs | Adobe InDesign | 17.1 and earlier | | | |
| | Adobe Framemaker | 2019 Release Update 8 and earlier; 2020 Release Update 4 and earlier | | Memory Leak | |
| | Adobe InCopy | | | | |
| | Apple iOS/iPadOS | Before 15.5 | 5/16/2022 | Race Condition, Arbitrary Code Execution, Memory Corruption Issue, Denial of Service, Security Feature Bypass, Use After Free | Update as soon as possible |
| | Apple macOS | Monterey before 12.4; Big Sur before 11.6.6; 2022-004 Catalina Security Update | | Out of Bounds Read/Write, Out of Bounds Access, Arbitrary Code Execution, Logic Issue, Denial of Service, Security Feature Bypass | |
| | Apple Xcode | Before 13.4 | | Elevation of Privilege, Logic Issue | Update after testing |
| | Apple Safari | | | | |
| | Google Chrome | Before 101.0.4951.67 | 5/12/2022 | Use After Free, Buffer Overflow, Inappropriate Implementation, Type Confusion, Out of Bounds Memory Access | |
| | Mozilla Thunderbird | Before 91.9 | 5/3/2022 | Incorrect Security Status, Spoofing, Privilege Escalation, Leaking Security Status, Improper Implementation, Arbitrary Code Execution | |
| | Mozilla Firefox | Before 100; Before ESR 91.9 | | Spoofing, Privilege Escalation, Leaking Security Status, Improper Implementation, Arbitrary Code Execution | |
| | Opera | Before 87 | 5/17/2022 | | |
| CVE-2022-21500 | Oracle | Oracle E-Business Suite 12.1/12.2 | 5/19/2022 | | |