Movable Type 5.04 and Movable Type 4.35 were released today. These are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.
Impact
A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.
Versions Affected
- Movable Type Open Source 4.x
- Movable Type Open Source 5.x
- Movable Type 4.x ( with Professional Pack, Community Pack )
- Movable Type 5.x ( with Professional Pack, Community Pack )
- Movable Type Enterprise 4.x
Solution
Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.
- Movable Type Open Source 4.35
- Movable Type Open Source 5.04
- Movable Type 4.35( with Professional Pack, Community Pack)
- Movable Type 5.04( with Professional Pack, Community Pack)
- Movable Type Enterprise 4.35
Lina Kochovska on September 4, 2012, 3:51 a.m. 返信
I see that this updates are mandatory, but what will happen if I don’t do it for some reason - I forgot or I haven’t been able to. Do I have any other protection or …?
sinrex on September 4, 2012, 10:29 a.m. 返信
I once got hacked while using a version of MT 5.xx. I guess it was probably something to do with this - before the updates of course.
Jeremy Hannigan on September 11, 2012, 3:25 a.m. 返信
Hi Mihai, may I ask you why do you update your demo version with just security updates of MT? They have nothing in common with the functionality of the platform.
Bernadet on October 3, 2012, 11:16 a.m. 返信
What does it mean that the attacker could read or modify the contents in the system. Is it possible to modify my administrative files?
obtenir des likes on October 13, 2012, 12:56 a.m. 返信
There isn’t an editor that would allow this on a Mac, too, regarding the custom fields. At least none I’m aware of. Seeing your post is from 2009 (HELLO FROM THE FUTURE), your choices should be able to handle the rest.
rencontre gratuite on October 13, 2012, 6:39 a.m. 返信
Should it really make updates? Anyway thank you for your blog. Regards Fabrice
rencontre gratuite on October 13, 2012, 8:55 a.m. 返信
hello, are you there on mac? or iphone? I can not install
jobroni on November 6, 2012, 1:42 a.m. 返信
Cheerz for this guys
beijing massage on November 13, 2012, 12:36 a.m. 返信
Thanks, now everything is more secured. by the way The installation guide is a tad confusing for a newbie like me