Welcome to our last patch newsletter of 2025. The year is just days away from being complete but we have some zero days to chat about.
In the past 30 days we have had a few zero days; one from Google and a couple from Apple.
Apple released updates for CVE-2025-43529 and CVE-2025-14174. Both affect Apple's Webkit which for this go around means that iOS, iPadOS, Tahoe, Safari, visionOS and watchOS were all affected. Apple reports that by processing malicious web content a bad actor could execute arbitrary code. For CVE-2025-14174 a user after free was addressed with improved memory management and for CVE-2025-43529 a memory corruption issue was addressed with improved validation. So you will want to make sure that you get these devices updated.
Google released four version updates that included 18 security fixes. Of these seven are rated as "High" and one is a zero day. Interestingly it is the same CVE mentioned above for Apple; CVE-2025-14174.
For our other third-party vendors it was a pretty standard month. If there are any additional products you would like to see in the chart below, please let me know.
Be sure to browse the chart below and happy patching! I'll see you next year!
|
|
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
|
Patch data provided by: |
|||||
|
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommendation |
|
Adobe Acrobat and Reader |
Continuous 25.001.20982 and earlier |
12/9/2025 |
Arbitrary Code Execution, Security Feature Bypass |
Critical Priority 3: Update at admins discretion |
|
|
Adobe ColdFusion |
2021 Update 22 and earlier |
12/9/2025 |
Arbitrary Code Execution, Arbitrary File System Read, Privilege Escalation, Security Feature Bypass |
Critical Priority 1: Update within 72 hours |
|
|
Adobe Creative Cloud Desktop |
6.4.0.361 and earlier |
12/9/2025 |
Application Denial of Service |
Important Priority 3: Update at admins discretion |
|
|
Adobe DNG SDK |
1.7.0 and earlier |
12/9/2025 |
Application Denial of Service, Arbitrary Code Execution, Memory Exposure |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Experience Manager |
Cloud Service |
12/9/2025 |
Arbitrary Code Execution, Privilege Escalation |
Critical Priority 3: Update at admins discretion |
|
|
Apple iPadOS |
Before 26.2 |
12/12/2025 |
Buffer Overflow, Data Leak, Memory Corruption, Race Condition, Permissions Issue, Privilege Escalation, Security Feature Bypass, Spoofing, Type Confusion, Unauthorized Access, Unexpected App Termination, Use After Free |
Update after testing |
|
|
Apple macOS Sequoia |
Before 15.7.3 |
12/12/2025 |
Data Leak, Denial of Service, Information Disclosure, Memory Corruption, Permissions Issue, Privilege Escalation, Security Feature Bypass, Spoofing, Unexpected App Termination |
Update after testing |
|
|
Apple macOS |
Before 14.8.2 |
12/12/2025 |
Data Leak, Denial of Service, Information Disclosure, Memory Corruption, Permissions Issue, Privilege Escalation, Security Feature Bypass, Spoofing, Unexpected App Termination |
Update after testing |
|
|
Apple macOS Tahoe |
Before 26.2 |
12/12/2025 |
Arbitrary Code Execution, Data Leak, Denial of Service, Information Disclosure, Memory Corruption, Permissions Issue, Privilege Escalation, Race Condition, Sandbox Escape, Security Feature Bypass, Spoofing, Unexpected App Termination, Use After Free |
Update after testing |
|
|
Apple Safari |
Before 26.2 |
12/12/2025 |
Arbitrary Code Execution, Data Leak, Security Feature Bypass, Unexpected System Termination, Type Confusion, Use After Free |
Update after testing |
|
|
Apple watchOS |
Before 26.2 |
12/12/2025 |
Arbitrary Code Execution, Data Leak, Memory Corruption, Permissions Issue, Privilege Escalation, Security Feature Bypass, Spoofing, Unexpected System Termination, Use After Free |
Update after testing |
|
|
Apple visionOS |
Before 26.2 |
12/12/2025 |
Arbitrary Code Execution, Data Leak, Information Disclosure, Memory Corruption, Permissions Issue, Privilege Escalation, Race Condition, Security Feature Bypass, Spoofing, Type Confusion, Unexpected System Termination, Use After Free |
Update after testing |
|
|
Google |
Before 143.0.7499.169 (Windows/Linux) |
12/18/2025 |
Inappropriate Implementation, Out of Bounds Write/Read, Race Condition, Type Confusion, Use After Free |
Update after testing | |
|
Mozilla Thunderbird |
Before 146 |
12/9/2025 |
Arbitrary Code Execution, Miscompilation, Privilege Escalation, Sandbox Escape, Security Feature Bypass, Spoofing, Use After Free |
Update after testing |
|
|
Mozilla Firefox |
Before 146.0.1 |
12/18/2025 |
Arbitrary Code Execution, Miscompilation, Privilege Escalation, Sandbox Escape, Security Feature Bypass, Spoofing, Use After Free |
Update after testing |
|
|
Mozilla Firefox ESR |
Before 140.6 |
12/9/2025 |
Arbitrary Code Execution, Miscompilation, Privilege Escalation, Sandbox Escape, Security Feature Bypass, Use After Free |
Update after testing |
|
|
Mozilla Firefox for iOS |
Before 144.0 |
12/15/2025 |
Spoofing |
Update after testing |
|
|
Zoom Rooms for Windows |
Before 6.6.0 |
12/9/2025 |
Escalation of Privilege |
High - Update after testing |
|
|
Zoom Rooms for macOS |
Before 6.6.0 |
12/9/2025 |
Disclosure of Information |
Medium - Update after testing |
|
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.