Third-Party-Software of 3rd Party Software
We tend to take the security of major websites and software, such as Facebook, Twitter, Instagram and their respective apps, for granted.
However, there are numerous ways that persons with malicious intent could gain access to accounts of those sites. Recently, Twitter faced a breach of security to one popular method; exploiting connected third-party software.
A small number of accounts on Twitter were hacked and began posting pro-Nazi messages and symbols. These included the accounts of Amnesty International, Forbes and a few other prominent groups. Twitter’s servers had not been hacked, the hack was traced to another software, Twitter Counter.
This sort of breach is a reminder to be careful of what software you trust.
VLC caught up in Wikileaks’ ‘Vault 7’
Wikileaks released a series of documents regarding the CIA and their set of malware tools. One of these revelations concerns VLC media player. The tool collects information from the computer or network and hides itself inside VLC.
However, VideoLAN Organization has released a statement regarding this. They say “the leaked document does not describe a vulnerability that is remotely exploitable, nor is present in a normal VLC installation.” As long as you have kept VLC up to date and downloaded it from the official site, you are safe.
Third-Party Updates
Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:
| Product | Category | Patch |
| Chrome | Web Browser | Chrome_v58.0.3029.140 |
| Skype | Online calls | Skype_v7.36 |
| Adobe (Flash Player, Adobe Experience Manager Forms) | APSB17-15
APSB17-16 |
|
| Thunderbird | Email Client | Thunderbird_v52.1.1 |
| Glary Utilities | PC cleanup | Glary_v5.76 |
| AIMP | Audio Player | AIMP_v4.13.1895 |
| iTunes | Media Player | iTunes_12.6.1 |
| CDBurnerXP | CD/DVD Burner | CDBurnerXP_4.5.7.6623 |
| Trillian | Instant MessengerCode Editor | Trillian_6.0 Build 1 |
| Notepad++ | Code Editor | Notepad++_7.4.1 |
| GOM Player | Media Player | GOMplayer_2.3.16.5272 |
| Malwarebytes | Security Software | Malwarebytes_3.1 |
| RealVNC | Remote Access | RealVNC_6.1.1 |
| VLC | Media Player | VLC_2.2.5 |
| Patch | Details |
| Chrome_58.0.3029.140 | Includes bug fixes, security updates, and feature enhancements.
However, the following devices are NOT live with this update. AOpen Chromebox Commercial Dell Chromebook 11 (3120) Enguarde based 11″ Chromebooks HP Chromebook 11 2100-2299 / HP Chromebook 11 G4/G4 EE / HP Chromebook 11 G3 HP Chromebook 14 ak000-099 / HP Chromebook 14 G4 Lenovo ThinkPad 11e Chromebook |
| Skype_7.35 | Quality improvements and general fixes. |
| Adobe
APSB17-15
APSB17-16
|
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).
These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form. |
| Thunderbird_52.1.1 | Fixed: Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use.
Unable to load full message via POP if message was downloaded partially (or only headers) before. Some attachments can’t be opened or saved if the message body is empty. Crash when compacting IMAP folder. |
| Glary_v5.76 | Bug Fixes and Feature Enhancements |
| AIMP_v4.13.1895 | Fixed: Player – an issue with opening files from AIMP’s context menu that integrated to Windows Explorer
Fixed: plugins – API – adding files to playlist with the AIMP_PLAYLIST_ADD_FLAGS_FILEINFO flag produces internal exception in some cases Small bugs were fixed |
| iTunes_12.6.1 | Minor app and performance improvements. |
| CDBurnerXP_4.5.7.6623 | DPI improvements for copy disc dialog
DPI improvements for ISO image dialog DPI improvements for video DVD dialog Fixed potential crash when refreshing media info |
| Trillian_6.0 Build 1 | Bug Fixes and Feature Enhancements |
| Notepad++_7.4.1 | Fix Notepad++ hanging issue on startup due to its connection on Internet – disable the certification chain verification.
Fix the opened zero length file not saving bug. Improve Document Peeker performance issue for large files. |
| GOMplayer_2.3.16.5272 | [Enhanced Playback Performance]
• Added video codec format support – FMVC (FM Screen Capture Codec), Clear Video, Avid MJPEG, TSCC2 Codec added • Added audio codec format support – QDMC (QDesign Music Codec), DSD (Direct Sound Digital), shorten audio Codec added
[Improved Functions] • Now supporting left/right 360 degree video • Enhanced video playback for VR (360 degree) videos
[VOC and bug fixes] – Fixed 3 channel audio error – Fixed playback speed error – Fixed Intel H/W regarding H.264 videos – Audio Channel bug fixes – TS format bug fixes – Audio capture saving bug fix – Screen color bug fixes – Additional minor bug fixes |
| Malwarebytes_3.1 | Fixed several crashes in the Web Protection module
Fixed issue where Ransomware Protection would be stuck in ‘Starting’ state after a reboot Fixed a conflict with Norton that caused web pages not to load and plug-ins to crash in Chrome Fixed issue with WMI protection technique in Exploit Protection that could cause Office applications to crash Fixed several crashes related to the service and tray Fixed security vulnerabilities that could be chained together to perform local privilege escalation Fixed many other miscellaneous defects and user interface improvements |
| RealVNC_6.1.1 | FIXED: Active Directory user accounts with no expiry date can now be used to authenticate to VNC Server using single sign-on (SSO)
FIXED: VNC Server’s Information Center dialog no longer shows an erroneous error message when the legacy SecurityTypes parameter is set to a value other than <auto> (this may affect users upgrading from VNC 5.x). FIXED: VNC Server in Virtual Mode (Xvnc) no longer crashes due to a bug in the X11 render extension. |
| VLC_2.2.5 | VLC 2.2.5 “Weatherwax” is the fifth update to VLC’s 2.2 release series.
Fix green line rendering on Windows with AMD drivers Fix mp3 playback regression on macOS and 64bit Windows leading to distortion for some media Fix screenshots size Improved lua scripts for various websites Various security improvements in demuxers and decoders Security hardening for DLL hijacking environments Fix scrolling sensitivity on Sierra Fix screen recording on Windows |
Get Started
Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.
