***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***
Welcome to my January 20254 Patch Monday newsletter! It is my first Patch Monday newsletter for the year and we have a few zero days to report.
Apple released updates for most of their products with a zero day for CoreMedia that affects macOS Sequoia, iPadOS, iOS, watchOS and Vision Pro. Apple reports that a malicious application may be able to elevate privileges. Apple reports that this issue may have been actively exploited against unpatched versions (see chart below). So you will want to get these updated ASAP.
Google released three version updates in the past 30 days covering 23 security fixes. Of these 8 are rated as critical. So, as usual, make sure Chrome gets restarted so that it can update. Adobe had regular updates for a handful of products (see chart below). Mozilla released regular updates as well with a few rated "High" for Thunderbird and Firefox. Zoom released updates as well with only one with a severity of "High" for Zoom Workplace App for Linux.
This month's newsletter sponsor, LOGbinder, has just released a new version of Supercharger for Windows Event Collection. I'm mentioning it here because many of you are users and have been asking when the .net 8 update will be released. You can download the latest update here or if you have an existing support contract and don't want to fill out the form then just email sales@logbinder.com.
Be sure to browse the chart below and happy patching!
|
|
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
|
Patch data provided by: |
 |
||||
|
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommedation |
|
Adobe Photoshop |
2024 25.12 and earlier |
1/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Stager |
3.0.4 and earlier |
1/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admin's discretion |
|
|
Adobe Illustrator for iPad |
3.0.7 earlier |
1/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Animate |
2023 23.0.9 and earlier |
1/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Designer |
14.0 and earlier |
1/14/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Apple macOS Sequoia |
Before 15.3 |
1/27/2025 |
Arbitrary Code Execution, Data Leak, Data Manipulation, DoS, Privilege Escalation, Security Feature Bypass, Spoofing, Type Confusion, Unauthorized Access, Unexpected System Termination |
Update ASAP | |
|
Apple macOS Ventura |
Before 13.7.3 |
1/27/2025 |
Data Leak, Data Manipulation, DoS, Privilege Escalation, Security Feature Bypass, Unauthorized Access, Unexpected System Termination |
Update after testing | |
|
Apple macOS Sonoma |
Before 14.7.3 |
1/27/2025 |
Arbitrary Code Execution, Data Leak, DoS, Privilege Escalation, Security Feature Bypass, Unauthorized Access, Unexpected System Termination |
Update after testing | |
|
Apple iOS |
iOS/iPadOS before 18.3 |
1/27/2025 |
Arbitrary Code Execution, Data Leak, DoS, Privilege Escalation, Security Feature Bypass, Spoofing, Unexpected System Termination |
Update ASAP | |
|
Apple Safari |
Before 18.3 |
1/27/2025 |
DoS, Security Feature Bypass, Spoofing, Unexpected Process Crash |
Update after testing | |
|
Apple watchOS |
Before 11.3 |
1/27/2025 |
Arbitrary Code Execution, Data Leak, DoS, Privilege Escalation, Security Feature Bypass, Type Confusion, Unexpected Process Crash |
Update ASAP | |
|
Apple visionOS |
Before 2.3 |
1/27/2025 |
Arbitrary Code Execution, Data Leak, DoS, Privilege Escalation, Security Feature Bypass, Spoofing, Unexpected Process Crash Unexpected System Termination |
Update ASAP | |
|
Google |
Before 132.0.6834.110 (Linux) |
1/22/2025 |
Inappropriate Implementation, Insufficient Data Validation, Integer Overflow, Object Corruption, Out of Bounds, Race Condition, Stack Buffer Overflow, Type Confusion |
Update after testing | |
|
Mozilla Thunderbird |
Before 134 |
1/7/2025 |
Arbitrary Code Execution, Memory Corruption, Path Traversal, Privilege Escalation, Use After Free, Validation Failure |
Update after testing |
|
|
Mozilla Firefox for iOS |
Before 134 |
1/10/2025 |
Spoofing |
Update after testing |
|
|
Mozilla Firefox |
Before 134 |
1/7/2025 |
Arbitrary Code Execution, Memory Corruption, Privilege Escalation, Spoofing, Security Feature Bypass, Use After Free, Valiation Failure |
Update after testing |
|
|
Mozilla Firefox ESR |
Before 128.6 |
1/7/2025 |
Arbitrary Code Execution, Memory Corruption, Privilege Escalation, Use After Free, Valiation Failure |
Update after testing |
|
|
Zoom Jenkins Bot Plugin |
Before 1.6 |
1/14/2025 |
Information Disclosure |
Update after testing |
|
|
Zoom Workplace Apps for Linux |
Zoom Workplace App, Meeting SDK and Video SDK for Linux before 6.2.5 |
1/14/2025 |
Denial of Service |
Update after testing |
|
|
Zoom Workplace Apps |
Workplace App, Meeting SDK and Video SDK for Windows / macOS / Linux / iOS / Android before 6.2.5 |
1/14/2025 |
Out of Bounds Write |
Update after testing |
|
|
Zoom Workplace Apps for Windows |
Workplace App, Rooms Client, Rooms Controller, Meeting SDK and Video SDK for Windows before 6.2.5 |
1/14/2025 |
Privilege Escalation |
Update after testing |
|
|
Zoom Workplace App for macOS |
Workplace App, Rooms Client, Rooms Controller, Meeting SDK and Video SDK for macOS before 6.2.10 |
1/14/2025 |
Denial of Service |
Update after testing |
|
|
Zoom Workplace App for Linux |
Workplace App, Meeting SDK and Video SDK before 6.2.10 |
1/14/2025 |
Privilege Escalation |
Update after testing |
|
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.