Welcome to my August 2024 Patch Monday newsletter! It was an average month for third-party patching. Adobe had its usual updates, but nothing high risk. We have three zero days: two for Google Chrome and one for macOS Monterey. Google released an update on August 21 for one zero day (CVE-2024-7971) and updated it on August 26th to reflect the in-the-wild exploitation of CVE-2024-7965. On July 29th, Apple released an update (CVE-2024-23296) for RTKit for macOS Monterey. Apple is aware of a report that this issue may have been exploited.
Besides the two Chrome zero days, Google also released updates for 65 other vulnerabilities. Of these, 16 are rated high and 2 are rated critical. You'll want to make sure Chrome updates get pushed out.
Zoom also had a handful of updates this past month. Two of the updates (CVE-2024-39825 and CVE-2024-39818) are rated "High". One is an information disclosure with a CVSS score of 7.5 and the other is a privilege escalation with a CVSS score of 8.5. So you will want to apply the latest Zoom updates.
So that's about it for the month. Be sure to browse the chart below and happy patching!
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
| Identifier | Vendor/ | Affected Versions | Date Released | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| | Adobe Illustrator | 2024 28.5 and earlier | 8/13/2024 | Arbitrary Code Execution, Application DoS, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Dimension | 3.4.11 and earlier | 8/13/2024 | Arbitrary Code Execution, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Photoshop | 2023 24.7.3 and earlier | 8/13/2024 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| | Adobe InDesign | ID19.4 and earlier | 8/13/2024 | Arbitrary Code Execution, Application DoS, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Acrobat Reader | Reader/DC Continuous | 8/13/2024 | Arbitrary Code Execution, Privilege Escalation, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Bridge | 13.0.8 and earlier | 8/13/2024 | Arbitrary Code Execution, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Substance 3D Stager | 3.0.2 and earlier | 8/13/2024 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| | Adobe Commerce | 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier (including Magento Open Source) | 8/13/2024 | Arbitrary Code Execution, Arbitrary File System Read, Privilege Escalation, Security Feature Bypass | Critical Priority 3: Update at admin's discretion |
| | Adobe InCopy | 19.5 and earlier | 8/13/2024 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| | Adobe Substance 3D Sampler | 4.5 and earlier | 8/13/2024 | Arbitrary Code Execution, Memory Leak | Critical Priority 3: Update at admin's discretion |
| | Adobe Substance 3D Designer | 13.1.2 and earlier | 8/13/2024 | Arbitrary Code Execution | Critical Priority 3: Update at admin's discretion |
| | Apple watchOS | Before 10.6 | 7/29/2024 | Cross Site Scripting, Denial of Service, Information Disclosure, Integer Overflow, Out of Bounds, Race Condition, Security Feature Bypass, Type Confusion, Use After Free | Update after testing |
| | Apple macOS | Monterey before 12.7.6 | 7/29/2024 | Arbitrary Code Execution, Denial of Service, Information Disclosure, Memory Corruption, Out of Bounds, Privilege Escalation, Race Condition, Security Feature Bypass, Spoofing, Type Confusion | Update after testing |
| | Apple macOS | Ventura before 13.6.8 | 7/29/2024 | Arbitrary Code Execution, Denial of Service, Information Disclosure, Memory Corruption, Out of Bounds, Privilege Escalation, Race Condition, Security Feature Bypass, Spoofing, Type Confusion | Update after testing |
| | Apple macOS | Sonoma before 14.6 | 7/29/2024 | Arbitrary Code Execution, Cross Site Scripting, Denial of Service, Information Disclosure, Integer Overflow, Out of Bounds, Privilege Escalation, Security Feature Bypass, Spoofing, Type Confusion, Use After Free | Update after testing |
| | Apple iOS | iOS/iPadOS before 17.6 | 7/29/2024 | Cross Site Scripting, Denial of Service, Downgrade Issue, Information Disclosure, Out of Bounds, Race Condition, Security Feature Bypass, Type Confusion, Use After Free | Update after testing |
| | Apple Safari | Before 17.6 | 7/29/2024 | Cross Site Scripting, Out of Bounds, Security Feature Bypass, Spoofing, Use After Free | Update after testing |
| | Google | Before 127.0.6533.72/73 for Windows/Mac | 7/23/2024 | Inappropriate Implementation, Insufficient Validation, Heap Buffer Overflow, Out of Bounds, Race Condition, Type Confusion, Uninitialized Use, Use After Free | Update after testing |
| Multiple CVEs | Mozilla Thunderbird | Before 115.14 | 8/6/2024 | Memory Leak, Out of Bounds, Race Condition, Security Feature Bypass, Use After Free | Update after testing |
| | Mozilla Firefox | Before 129 | 8/6/2024 | Arbitrary Code Execution, Out-of-Bounds Read, Race Condition, Security Feature Bypass, Spoofing, Unintended Permissions, Use After Free | Update after testing |
| | Zoom Apps | Workplace Desktop App for Windows/macOS/Linux before 6.0.0 | 8/13/2024 | Buffer Overflow | Update after testing |
| | Zoom Apps | Workplace Desktop App for Windows/macOS/Linux before 6.0.10 | 8/13/2024 | Protection Mechanism Failure | Update after testing |
| | Zoom Apps | Workplace Desktop App for Linux before 6.0.12 | 8/13/2024 | Sensitive Information Exposure | Update after testing |
| | Zoom Apps | Workplace Desktop App for Windows/macOS/Linux before 6.1.0 | 8/13/2024 | Sensitive Information Exposure | Update after testing |
| | Zoom Apps | Workplace Desktop App for Windows/macOS/Linux before 6.1.0 | 8/13/2024 | Buffer Overflow | Update after testing |
| | Zoom Apps | Workplace Desktop App for macOS before 6.1.0 | 8/13/2024 | Untrusted Search Path | Update after testing |
| | Zoom Apps | Workplace Desktop App for macOS before 6.1.5 | 8/13/2024 | Buffer Overflow | Update after testing |
| | Zoom Apps | Workplace Desktop App for macOS before 6.1.5 | 8/13/2024 | Improper Privilege Management | Update after testing |
| | Zoom Apps | Workplace Desktop App for Linux before 6.1.5 | 8/13/2024 | Improper Input Validation | Update after testing |

Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.