Movable Type 5.04 and Movable Type 4.35 were released today. These are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.
Impact
A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.
Versions Affected
- Movable Type Open Source 4.x
- Movable Type Open Source 5.x
- Movable Type 4.x ( with Professional Pack, Community Pack )
- Movable Type 5.x ( with Professional Pack, Community Pack )
- Movable Type Enterprise 4.x
Solution
Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.
- Movable Type Open Source 4.35
- Movable Type Open Source 5.04
- Movable Type 4.35( with Professional Pack, Community Pack)
- Movable Type 5.04( with Professional Pack, Community Pack)
- Movable Type Enterprise 4.35
Lina Kochovska
September 4, 2012 3:51 AM | Reply
I see that this updates are mandatory, but what will happen if I don't do it for some reason - I forgot or I haven't been able to. Do I have any other protection or ...?
sinrex
September 4, 2012 10:29 AM | Reply
I once got hacked while using a version of MT 5.xx. I guess it was probably something to do with this - before the updates of course.
Jeremy Hannigan
September 11, 2012 3:25 AM | Reply
Hi Mihai, may I ask you why do you update your demo version with just security updates of MT? They have nothing in common with the functionality of the platform.
Bernadet
October 3, 2012 11:16 AM | Reply
What does it mean that the attacker could read or modify the contents in the system. Is it possible to modify my administrative files?
obtenir des likes
October 13, 2012 12:56 AM | Reply
There isn't an editor that would allow this on a Mac, too, regarding the custom fields. At least none I'm aware of. Seeing your post is from 2009 (HELLO FROM THE FUTURE), your choices should be able to handle the rest.
rencontre gratuite
October 13, 2012 6:39 AM | Reply
Should it really make updates?
Anyway thank you for your blog.
Regards Fabrice
rencontre gratuite
October 13, 2012 8:55 AM | Reply
hello,
are you there on mac? or iphone?
I can not install
jobroni
November 6, 2012 1:42 AM | Reply
Cheerz for this guys
beijing massage
November 13, 2012 12:36 AM | Reply
Thanks, now everything is more secured.
by the way
The installation guide is a tad confusing for a newbie like me