Third Party Patch Updates: When the Wild Things Attack

Are You Lost in the IT Wild?

If you aren’t patching your third-party vulnerabilities, your business, your assets, your sales, are just that…. vulnerable. Adobe’s Flash has had a tough month.In October we’ve seen two different critical patches released to shore up security holes where attackers can take control of your devices.“We are aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.”

These zero-day critical flaws aren’t patched by Windows, you have to know about them, find them, download the content, and then install them.

Third-Party Updates

10/26/2016 – Updated debugger and standalone versions of Flash Player. These versions contain fixes for critical vulnerabilities identified in Security Bulletin APSB 16-36. The latest versions are 23.0.0.205 (Win & Mac) and 11.2.202.643 (Linux). All users are encouraged to update to these latest versions.

10/3/2016 – Earlier this this Adobe have released a Security Bulletin APSB16-25 to resolve issues with Flash Player on both Windows, OS X and Linux which allows attackers to execute arbitrary code via unspecified vectors.

Exploited  – Critical Patch Releases
Patch Details
Product: Flash Player

FlashPlayer_Plugin_PPAPI_v23.0.0.205

FlashPlayer_ActiveX_v23.0.0.205
FlashPlayer_Plugin_NPAPI_v23.0.0.205

  • These updates resolve memory corruption vulnerabilities that could lead to code execution
  • These updates resolve a memory leak vulnerability
  • These updates resolve type confusion vulnerabilities that could lead to viral code execution
  • These updates resolve use-after-free vulnerabilities that could lead to code execution
  • These updates resolve a security bypass vulnerability that could lead to information disclosure

Don’t miss the latest upgrades

Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include: 

Patches with Content Updates, Bug fixes and Feature enhancements
Product Category Patch
Chrome Web Browser Chrome_v53.0.2785.143
Skype Online calls Skype_v7.28.101

Skype_v7.29.0.102

iTunes Music Player
Shockwave Media Player Shockwaveplayer_v12.2.5.195
Firefox Web Browser Web browser:  Firefox_v49.0.2
Notepad++ Source code editor Notepadpp_v7.1
CitrixReceiver File access CitrixReceiver_v4.5.0.14155
WinSCP File browser WinSCP_v5.9.2
Wireshark Network protocol analyzer Wireshark_v2.2.1
Foobar Audio player Foobar2000_1.3.12
Evernote Multi device Note pad Evernote_v6.3.3.3502
Glary Utilities PC cleanup Glary_v5.60

Glary_v5.61

MediaMonkey Media Manager MediaMonkey_v4.1.14.1813
Adobe Air AdobeAIR_v23.0.0.257
AIMP Audio Player AIMP_v4.11.1841

AIMP_v4.11.1839

Filezilla FTP Client FileZilla_v3.22.1

 

Specific details available on 3rd Party Patch releases
Patch Details
Product: Adobe Air

AdobeAIR_v23.0.0.257

  • Adobe has released a security update for Adobe AIR SDK and Compiler. This update adds support for secure transmission of runtime analytics for AIR applications on Android. Developers are encouraged to recompile captive runtime bundles after applying this update.
Product: AIMP Player

AIMP_v4.11.1841

AIMP_v4.11.1839

  • Fixed: Playlist – the “add entire folder if one file is sent” option does not work correctly in some cases (regression)
  • Fixed: Playlist – no ability to select few collapsed groups via keyboard
  • Fixed: music library – table – album thumbnails view – playback that invoked via mouse double click always started from the first track in group
  • Fixed: Music Library – small bugs were fixed
  • Fixed: Plugins – API – an error occurs when calculating the hash code for certain images (regression)
Product: Filezilla FTP Client

FileZilla_v3.22.1

  • Bugfixes and minor changes:
  • OS X: Work around a nasty bug in XCode where programs explicitly compiled for older versions of OS X were silently pulling in features exclusive to the new version, resulting in crashes at runtime
  • Fixed a potential crash when using SFTP
Firefox_v49.0.2
iTunes_v12.5.1
  • Apple has released iTunes v12.5.1 for OS X and Windows and the update has brought an all-new Apple Music design which brings greater clarity and simplicity to every aspect of the experience.
Notepadpp_v7.1
  • Fix x64 crash on macro recording
  • Fix x64 crash on new language dialog of UDL
  • Check plugin architecture (32-bit or 64-bit) before loading
  • Enhance Smart Highlighting feature: 1. match case 2. whole word only 3. use find dialog settings for both
  • Fix poor performance of hex XML entities
  • Reshow CallTip text on separator character
  • Skip Auto-Complete self-closing HTML tags (<br>, <base>, <track>… etc)
  • Fix 2 UI issues for RTL layout
  • Fix Folder as Workspace toolbar button inconsistent behavior
  • Add option to skip word completion on numbers (default: ON)
  • Fix bookmarks toggled off’s bug
  • Sort plugin menu by plugin name
  • Installer: Add 64-bit/32-bit old install detection, and old installation removal ability
  • Installer: Ask user for keeping user data during uninstallation
  • Installer: Fix uninstaller bug to not remove themes files from APPDATA
Opera_v40.0.2308.81
  • Fixes for Opera Stable running on Sierra. We have also fixed the backspace which stubbornly navigated back in history even when the address field was focused. And, now it is again possible to seamlessly import Firefox bookmarks
RevoUnistallerFree_v2.0.1

RevoUnistallerPro_v3.1.7

  • Fixed Minor bugs
  • Improved scanning for leftovers
Thunderbird_v45.4.0
  • Display name was truncated if no separating space before email address.
  • Recipient addresses were shown in red despite being inserted from the address book in some circumstances.
  • Additional spaces were inserted when drafts were edited.
  • Mail saved as template copied In-Reply-To and References from original email.
  • Threading broken when editing message draft, due to loss of Message-ID
  • “Apply columns to…” did not honor special folders
WinSCP_v5.9.2
  • Translations completed: Brazilian Portuguese, Finnish, Kabyle and Ukrainian
  • Lots of usability improvements and bug fixes