July 14, Threatpost – (International) Flash Player update patches two Hacking Team zero days. Adobe released patches addressing two critical use-after-free vulnerabilities in ActionScript 3 revealed in data dumped from a recent breach of the Italian surveillance software company Hacking Team. Both flaws allowed an attacker to use a Web site hosting the exploit to completely take over an affected system. Source
July 13, Threatpost – (International) Kaseya patches two bugs in VSA IT management platform. Kaseya patched two flaws in its VSA IT management platform, including open redirect vulnerability in which an unauthenticated attacker could redirect users to sites with malicious content, and a path traversal bug in which an authenticated attacker could use a specially crafted Hyptertext Transfer Protocol (HTTP) request to traverse directories and download arbitrary files. Source