We have updates from Adobe, Apple, Google, and Mozilla. This month it is important to pay attention to patching Firefox and Thunderbird. It has been a while since we have had active attacks against Firefox, but CVE-2019-11707 is being actively exploited in the wild. Thunderbird is also affected, but it generally cannot be exploited there because scripting is disabled when reading mail. Attacks against this vulnerability can result in an exploitable crash. Once you have tested and deployed the Firefox updates, follow up with Adobe Flash and then Google Chrome. Finally, review your environment for the remaining Adobe and Apple products.
Here’s the chart of non-MS patches released in the past month that affect Windows platforms.

| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor |
| --- | --- | --- | --- | --- | --- |
| | Adobe Flash Player | 32.0.0.192 and earlier | 6/11/2019 | Arbitrary Code Execution | Critical; Priority 2: Update within 30 days |
| | Adobe Campaign | 18.10.5-8984 and earlier versions | 6/11/2019 | Arbitrary Code Execution; Information Disclosure | Critical; Priority 3: Update at admin’s discretion |
| | Adobe ColdFusion | 2018 Update 3 and earlier; 2016 Update 10 and earlier; ColdFusion 11 Update 18 and earlier | 6/11/2019 | Arbitrary Code Execution | Critical; Priority 2: Update within 30 days |
| | Apple iCloud for Windows | Before 10.4; Before 7.12 | 6/11/2019 | Arbitrary Code Execution | Update after testing |
| | Apple iTunes for Windows | Before 12.9.5 | 5/28/2019 | Arbitrary Code Execution | Update after testing |
| | Google Chrome | Before 75.0.3770.100 | 6/18/2019 | Use After Free | Update after testing |
| | Mozilla Thunderbird | Before 60.7.2 | 6/20/2019 | Denial of Service | Update as soon as possible |
| | Mozilla Firefox | Before 67.0.4 / ESR 60.7.2 | 6/20/2019 | Denial of Service | Update as soon as possible |