Patch Monday September 2024 - Regular month of patching; iOS 18 released

***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***

Welcome to my September 2024 Patch Monday newsletter! It was an average month for 3rd party patching. Adobe had their usual updates but nothing high risk. There aren't any zero days to be concerned about.

Google released updates for 32 vulnerabilities in the past 30 days. Of these, 16 are rated high. You'll want to make sure Chrome updates get pushed out.

Zoom patched only one CVE for the month. Mozilla released it's regular updates for Firefox and ESR as well as an update for Focus.

Apple released a long list of updates as it made iOS 18 available to the public. watchOS, Sequioa, Safari and Xcode all had major version releases as well. As excited as I am about iOS 18, I would recommend you wait for the next minor update because if history repeats itself, iOS 18 may bring along some bugs that need fixing.

So that's about it for the month. Be sure to browse the chart below and happy patching!

So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.

Patch data provided by:
Identifier	Vendor/ Product	Affected Versions	Date Released by Vendor	Vulnerability Info	Vender Severity / Our Recommedation
Multiple CVE's	Adobe Media Encoder	24.5 and earlier 23.6.8 and earlier	9/10/2024	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe Audition	24.4.1 and earlier 23.6.9 and earlier	9/10/2024	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe After Effects	24.5 and earlier 23.6.6 and earlier	9/10/2024	Arbitrary Code Execution, Arbitrary File System Write, Memory Leak	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe Premiere Pro	24.5 and earlier 23.6.8 and earlier	9/10/2024	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe Illustrator	2024 28.6 and earlier 2023 27.9.5 and earlier	9/10/2024	Arbitrary Code Execution, Application DoS, Memory Leak	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe Acrobat Reader	DC/Reader DC Continuous 24.003.20054 (Windows) and 24.002.21005 (MacOS) and earlier Classic 2024 24.001.30159 and earlier Classic 2020 20.005.30655 and earlier	9/10/2024	Arbitrary Code Execution	Critical Priority 3: Update at admins discretion
CVE-2024-41874	Adobe Cold Fusion	2023 Update 9 and earlier 2021 Update 15 and earlier	9/10/2024	Arbitrary Code Execution	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe Photoshop	2023 24.7.4 and earlier 2024 25.11 and earlier	9/10/2024	Arbitrary Code Execution	Critical Priority 3: Update at admins discretion
Multiple CVE's	Apple watchOS	Before 11	9/16/2024	Cross Site Scripting, Denial of Service, Information Disclosure, Integer Overflow, Out of Bounds, Security Feature Bypass	Update after testing
Multiple CVE's	Apple macOS	Sequoia before 15	9/16/2024	Cross Site Scripting, Denial of Service, Information Disclosure, Out of Bounds, Privilege Escalation, Race Condition, Security Feature Bypass, Spoofing	Update after testing
Multiple CVE's	Apple macOS	Ventura before 13.7	9/16/2024	Denial of Service, Information Disclosure, Keylogger, Out of Bounds, Race Condition, Security Feature Bypass, Spoofing	Update after testing
Multiple CVE's	Apple macOS	Sonoma before 14.7	9/16/2024	Denial of Service, Information Disclosure, Keylogger, Out of Bounds, Race Condition, Security Feature Bypass, Spoofing	Update after testing
Multiple CVE's	Apple iOS	iOS/iPadOS before 18	9/16/2024	Cross Site Scripting, Denial of Service, Information Disclosure, Out of Bounds, Race Condition, Security Feature Bypass	Update after testing
Multiple CVE's	Apple Safari	Before 18	9/16/2024	Cross Site Scripting, Information Disclosure, Spoofing	Update after testing
Multiple CVE's	Apple Xcode	Before 16	9/16/2024	Information Disclosure, Unauthorized Access	Update after testing
Multiple CVE's	Google Chrome	Before 129.0.6668.58 (Linux) Before 129.0.6668.58/.59 (Windows/Mac)	9/17/2024	Inappropriate Implementation, Insufficient Validation, Heap Buffer Overflow, Out of Bounds, Type Confusion, Use After Free	Update after testing
Multiple CVE's	Mozilla Thunderbird Firefox ESR	Before 115.15	9/3/2024	Information Disclosure, Memory Corruption, Type Confusion	Update after testing
Multiple CVE's	Mozilla Firefox	Before 130	9/3/2024	Arbitrary Code Execution, Memory Corruption, Spoofing, Type Confusion	Update after testing
Multiple CVE's	Mozilla Focus for iOS	Before 130	9/3/2024	Spoofing	Update after testing
Multiple CVE's	Mozilla Firefox for Android	Before 130.0.1	9/17/2024	Spoofing	Update after testing
CVE-2024-45424	Zoom Apps	Workplace Desktop App for Windows/macOS/Linux before 6.1.0 Workplace VDI Client for Windows before 6.1.0 (Except 5.17.15 and 6.00.12) Workplace App for iOS/Android before 6.1.0 Meeting SDK for Windows/iOS/Android/macOS/Linux before 6.1.0 Rooms App for Windows/macOS/iPad before 6.1.0 Rooms Controller for Windows/macOS/Linux/Android before 6.1.0	9/10/2024	Information Disclosure	Update after testing

Thanks as always for reading and best wishes on security,

Randy Franklin Smith

Click here to unsubscribe

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.