If you thought Patch Tuesday was over, you’re sorely mistaken! With Oracle’s quarterly security release alongside a security update for Google Chrome, the world of patching never sleeps.

Although not on the Windows platform, Zoom for Mac has been in the spotlight this week with numerous glaring security holes. TheHackerNews has been covering this developing story in detail.

First, on July 9th, it was found that Zoom runs a local web server that can be exploited by any website, allowing an attacker to enable the webcam. Apple worked closely with Zoom to release a MacOS update a day later to effectively block the web server. Next, on July 13th, an additional Remote Code Execution vulnerability was found in the same software where the endpoint receives commands remotely through the Zoom client. Finally, Zoom also contains two rebranded versions that are also vulnerable. While on MacOS, this is a fascinating story around the importance of transparency and the value of security researchers.

Security Releases

Oracle released its quarterly Critical Patch Update this week, with a total of 319 vulnerabilities. For Windows, Java SE released with a total of 10 CVEs remediated. This is the first Java SE release that adheres to the new License Agreement for commercial use, so make it a point to ensure your compliance. VirtualBox 5.2.32 and 6.0.10 released with Oracle’s July CPU as well, with a total of 14 vulnerabilities covered with the most severe CVE getting a CVSSv3 score of 8.8.

Google Chrome released 75.0.3770.142 containing two security fixes. The first vulnerability under CVE-2019-5847 details an error related to V8 that could be exploited to crash the application. The second vulnerability under CVE-2019-5848 details an exfiltration exploit related to font sizes.

Third-Party Updates

Although the updates above take priority, other vendors have been releasing non-security updates for their software. See the list below to add these to your next cycle:

Software Title

Ivanti ID

Ivanti KB

Azure Information Protection Client 1.53.10.0

AIPC-009

QAIPC153100

Blue Jeans 2.14.452.0

JEANS-020

QBJN2144520

CCleaner 5.60.7307

CCLEAN-082

QCCLEAN5607307

DropBox 77.4.131

DROPBOX-114

QDROPBOX774131

GoodSync 10.10.1

GOODSYNC-124

QGS101011

Opera 62.0.3331.72

OPERA-221

QOP620333172

Paint.net 4.2.0

PDN-010

QPDN420

Plex Media Player 2.37.2

PLXP-041

QPLXP2372

Plex Media Server 1.16.2.1297

PLXS-039

QPLXS11621297

Zoom Client 4.4.55389

ZOOM-026

QZOOM4455389

Protect yourself from the next wannacry