August, 2019: Patch Monday: Updates for Adobe, Apple, Google, and Mozilla Products

Welcome to this August Patch Monday Bulletin. This month there were no known attacks on products being updated. There was a significant amount of Adobe products updated this month with numerous vulnerabilities so it would be an ideal time to take inventory of Adobe products in use within the corporate environment. The only priority 1 update is for Adobe Experience Manager which updates an Arbitrary Code Execution vulnerability. Review your environment to determine whether AEM is present and update. Follow up with either or both browser updates for Google Chrome and Mozilla Firefox. Review the remaining Adobe products and determine whether you need to update these products within your environment. Finally, update the 2 Apple products, iTunes and iCloud, if they are present.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of non MS patches this month.

Patch data provided by:

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

CVE-2019-8062

Adobe After Effects CC

16 and earlier

8/13/2019

Arbitrary Code Execution

Important Priority 3: Update at admin’s discretion

CVE-2019-7870

Adobe Character Animator

2.1 and earlier

8/13/2019

Arbitrary Code Execution

Important Priority 3: Update at admin’s discretion

CVE-2019-7931

Adobe Premiere Pro CC

13.1.2 and earlier

8/13/2019

Arbitrary Code Execution

Important Priority 3: Update at admin’s discretion

CVE-2019-7961

Adobe Prelude CC

8.1 and earlier

8/13/2019

Arbitrary Code Execution

Important Priority 3: Update at admin’s discretion

Multiple CVE’s

Adobe Creative Cloud Desktop

4.6.1 and earlier

8/13/2019

Arbitrary Code Execution, Denial of Service, Privilege Escalation, Information Leakage

Critical Priority 2: Update within 30 days

Multiple CVE’s

Adobe Acrobat/Reader

macOS  Continuous 2019.012.20034 and earlier

Windows Continuous 2019.012.20035

macOS Classic 2017 2017.011.30142 and earlier

Windows Classic 2017 2017.011.30143 and earlier

macOS Classic 2015

2015.006.30497 and earlier

Windows Classic 2015 2015.006.30498 and earlier

8/13/2019

Arbitrary Code Execution, Information Disclosure

Important Priority 2: Update within 30 days

CVE-2019-7964

Adobe Experience Manager

6.5, 6.4

8/13/2019

Remote Code Execution

Critical Priority 1: Update within 72 hours

Multiple CVE’s

Adobe Photoshop CC

19.1.8 and earlier

20.0.5 and earlier

8/13/2019

Arbitrary Code Execution, Memory Leak

Critical Priority 3: Update at admin’s discretion

Multiple CVE’s

iCloud for Windows

Before 10.6

Before 7.13

7/23/2019

Arbitrary Code Execution, Information Disclosure, Cross Site Scripting

Update after testing

Multiple CVE’s

iTunes for Windows

Before 12.9.6

7/23/2019

Arbitrary Code Execution, Information Disclosure, Cross Site Scripting

Update after testing

Multiple CVE’s

Google Chrome

Before 76.0.3809.132

8/26/2019

Use After Free, Information Disclosure, Security Bypass

Update after testing

CVE-2019-11733

Mozilla Firefox

Before Firefox 68.0.2/ESR 68.0.2

8/14/2019

Information Disclosure, Security Bypass

Update after testing


Send me this chart next Patch Tuesday.
Email:

We will not share your address. Unsubscribe anytime. By clicking "Submit",
you're agreeing to our Privacy Policy and consenting to be contacted by us.