Welcome to my October 2025 Patch Monday newsletter! This month was not a very big one for our 3rd party vendors. I have no zero days to report in the last 30 days for Chrome, Apple and Adobe's suite of products, Zoom and Firefox.
While the publicly documented change logs for Chrome in the last 30 days are somewhat light, Google continues to push updates routinely (every few weeks) via its stable channel. In the past 30 days there have been 4 version updates targeting 28 vulnerabilities. There were a couple other version updates as well but they didn't include any security fixes. The important thing to stay focused on is ensuring Chrome is kept up-to-date. This is critical as we see more and more browser-based attacks via malicious links or attachments.
If you're a Zoom user we have only two updates in the chart below. Both are medium rated information disclosures.
Apple had updates across five of its products but it was all for the same vulnerability; CVE-2025-43400. This medium rated out of bounds write allows a maliciously crafted font to unexpectedly terminate apps or corrupt process memory.
Mozilla and Adobe had updates across their products as detailed in the chart below.
If there are any additional products you would like to see in the chart below, please let me know.
If you're interested in security and AI, then you'll want to register for this weeks webinar with Silverfort where we're discussing "No Blind Spots: A Unified Defense for Human, Machine and AI Identities".
Be sure to browse the chart below and happy patching!
|
|
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
|
Patch data provided by: |
|||||
|
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommendation |
|
Adobe Animate |
2023 23.0.13 and earlier |
10/14/2025 |
Arbitrary Code Execution, Memory Exposure |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Bridge |
14.1.8 (LTS) and earlier |
10/14/2025 |
Arbitrary Code Execution, Memory Exposure |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Commerce |
Commerce/Magento Open Source 2.4.9-alpha2 and earlier |
10/14/2025 |
Arbitrary Code Execution, Privilege Escalation, Security Feature Bypass |
Critical Priority 2: Update within 30 days |
|
|
Adobe Connect |
12.9 and earlier |
10/14/2025 |
Arbitrary Code Execution, Security Feature Bypass |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Creative Cloud |
6.7.0.278 and earlier |
10/14/2025 |
Arbitrary File System Write |
Important Priority 3: Update at admins discretion |
|
|
Adobe Dimension |
4.1.4 and earlier |
10/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Experience Manager |
6.5.22 Screens FP11.6 |
10/14/2025 |
Arbitrary Code Execution |
Important Priority 3: Update at admins discretion |
|
|
Adobe FrameMaker |
2020 Release Update 9 and earlier |
10/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Illustrator |
2024 28.7.9 and earlier |
10/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Modeler |
1.22.3 and earlier |
10/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admin's discretion |
|
|
Adobe Substance 3D Stager |
3.1.4 and earlier |
10/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admin's discretion |
|
|
Adobe Substance 3D Viewer |
0.25.2 and earlier |
10/14/2025 |
Arbitrary Code Execution, Application DoS |
Critical Priority 3: Update at admins discretion |
|
|
Apple iPadOS |
Before 26.0.1 |
9/29/2025 |
Out of Bounds Write |
Update after testing |
|
|
Apple macOS Sequoia |
Before 15.7.1 |
9/29/2025 |
Out of Bounds Write |
Update after testing |
|
|
Apple macOS |
Before 14.8.1 |
9/29/2025 |
Out of Bounds Write |
Update after testing |
|
|
Apple macOS Tahoe |
Before 26.0.1 |
9/29/2025 |
Out of Bounds Write |
Update after testing |
|
|
Apple visionOS |
Before 26.0.1 |
9/29/2025 |
Out of Bounds Write |
Update after testing |
|
|
Google |
Before 141.0.7390.122 (Linux) |
10/21/2025 |
Heap Buffer Overflow, Inappropriate Implementation, Integer Overflow, Off By One Error, Out of Bounds Read, Side Channel Info Leak, Use After Free |
Update after testing | |
|
Mozilla Thunderbird |
Before 144 |
10/14/2025 |
Arbitrary Code Execution, Cross Site Scripting, Information Disclosure, Out of Bounds, Security Feature Bypass, Use After Free, User Confusion |
Update after testing |
|
|
Mozilla Firefox |
Before 144.0.2 |
10/28/2025 |
Arbitrary Code Execution, Cross Site Scripting, Information Disclosure, Out of Bounds, Security Feature Bypass, Spoofing, Use After Free |
Update after testing |
|
|
Mozilla Firefox ESR |
Before 140.4 |
10/14/2025 |
Arbitrary Code Execution, Cross Site Scripting, Information Disclosure, Out of Bounds, Security Feature Bypass, Spoofing, Use After Free |
Update after testing |
|
|
Mozilla Firefox for iOS |
Before 143.1 |
9/28/2025 |
Data Leak |
Update after testing |
|
|
Zoom Rooms Clients |
For Windows, macOS, Android, iOS and iPad before 6.5.1 |
10/14/2025 |
Disclosure of Information |
Medium - Update after testing |
|
|
Zoom Clients for Windows |
Workplace before 6.5.5 |
10/14/2025 |
Disclosure of Information |
|
|
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.