***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***
Welcome to my December 2024 Patch Monday newsletter! It's our last Patch Monday newsletter for the year!
The biggest vendor this month was Adobe. They released updates for 17 products since last month. The good news is that they didn't have any zero-days to report. As a matter of fact, of the vendors we cover there are no zero-days in the past month to talk about.
Apple released updates to various flavors of macOS as well as watchOS, iPadOS, iOS and visionOS. Mozilla had a fairly busy 30 days with a couple of updates on various dates for Firefox, Firefox for iOS and Firefox ESR. Chrome had 3 version updates covering a total of only 12 vulnerabilities. Zoom didn't release any security updates in the past 30 days. So, it was a fairly slow month and end of the year.
This month's newsletter sponsor, LOGbinder, has just released a new version of Supercharger for Windows Event Collection. I'm mentioning it here because many of you are users and have been asking when the .net 8 update will be released. You can download the latest update here or if you have an existing support contract and don't want to fill out the form then just email sales@logbinder.com.
Be sure to browse the chart below and happy patching!
|
|
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
|
Patch data provided by: |
 |
||||
|
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommedation |
|
Adobe Experience Manager |
AEM Cloud Service |
12/10/2024 |
Arbitrary Code Execution, Security Feature Bypass |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Acrobat and Reader |
Reader DC/DC Continuous 24.005.20307 and earlier |
12/10/2024 |
Arbitrary Code Execution, Application DoS, Memory Leak |
Critical Priority 3: Update at admin's discretion |
|
|
Adobe Media Encoder |
24.6.3 and earlier |
12/10/2024 |
Arbitrary Code Execution, Application DoS |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Illustrator |
2025 29.0.0 and earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe After Effects |
24.6.2 and earlier |
12/10/2024 |
Memory Leak |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Animate |
2023 23.0.8 earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe InDesign |
ID19.5 and earlier |
12/10/2024 |
Application DoS, Arbitrary Code Execution, Memory Leak |
Critical Priority 3: Update at admins discretion |
|
|
Adobe PDFL SDK |
21.0.0.5 and earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Connect |
12.6 and earlier |
12/10/2024 |
Arbitrary Code Execution, Privilege Escalation, Security Feature Bypass |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Sampler |
4.5.1 and earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Photoshop |
2025 26.0 and earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Modeler |
1.14.1 and earlier |
12/10/2024 |
Arbitrary Code Execution, Application DoS |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Bridge |
14.1.3 and earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Premiere Pro |
25.0 and earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Painter |
10.1.1 and earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Framemaker |
2020 Update 7 and earlier |
12/10/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Apple macOS Sequoia |
Before 15.2 |
12/11/2024 |
Arbitrary Code Execution, Data Leak, Data Manipulation, DoS, Memory Leak, Privilege Escalation, Race Condition, Security Feature Bypass, Unauthorized Access, Unexpected System Termination |
Update after testing | |
|
Apple macOS Ventura |
Before 13.7.2 |
12/11/2024 |
Arbitrary Code Execution, Data Leak, DoS, Memory Leak, Privilege Escalation, Race Condition, Security Feature Bypass, Unauthorized Access |
Update after testing | |
|
Apple macOS Sonoma |
Before 14.7.2 |
12/11/2024 |
Arbitrary Code Execution, Data Leak, DoS, Memory Leak, Privilege Escalation, Race Condition, Security Feature Bypass, Unauthorized Access, Unexpected System Termination |
Update after testing | |
|
Apple iOS |
iOS/iPadOS before 18.2 |
12/11/2024 |
Arbitrary Code Execution, Data Manipulation, DoS, Memory Leak, Privilege Escalation, Race Condition, Security Feature Bypass, Type Confusion |
Update after testing | |
|
Apple Safari |
Before 18.2 |
12/11/2024 |
Information Leak, Type Confusion, Unexpected Process Crash |
Update after testing | |
|
Apple watchOS |
Before 11.2 |
12/11/2024 |
Arbitrary Code Execution, Data Leak, DoS, Memory Leak, Privilege Escalation, Race Condition, Security Feature Bypass, Type Confusion, Unexpected Process Crash |
Update after testing | |
|
Apple visionOS |
Before 2.2 |
12/11/2024 |
Arbitrary Code Execution, Data Leak, Data Manipulation, DoS, Memory Leak, Race Condition, Type Confusion, Unexpected Process Crash Unexpected System Termination |
Update after testing | |
|
Google |
Before 131.0.6778.204 (Linux) |
12/18/2024 |
Out of Bounds, Type Confusion, Use After Free |
Update after testing | |
|
Mozilla Thunderbird |
Before 133 |
12/11/2024 |
Arbitrary Code Execution, Out of Bounds Write, Spoofing, Security Feature Bypass, User Confusion |
Update after testing |
|
|
Mozilla Firefox for iOS |
Before 133 |
11/26/2024 |
Spoofing, User Confusion |
Update after testing |
|
|
Mozilla Firefox |
Before 133 |
11/26/2024 |
Arbitrary Code Execution, Out of Bounds Write, Data Leak, Spoofing, Security Feature Bypass, Tapjacking, Race Condition, User Confusion |
Update after testing |
|
|
Mozilla Firefox ESR |
Before 128.5 |
11/26/2024 |
Arbitrary Code Execution, Out of Bounds Write, Spoofing, Security Feature Bypass, User Confusion |
Update after testing |
|
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.