Movable Type 5.04 and Movable Type 4.35 were released today. These are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.
Impact
A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.
Versions Affected
- Movable Type Open Source 4.x
- Movable Type Open Source 5.x
- Movable Type 4.x ( with Professional Pack, Community Pack )
- Movable Type 5.x ( with Professional Pack, Community Pack )
- Movable Type Enterprise 4.x
Solution
Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.
- Movable Type Open Source 4.35
- Movable Type Open Source 5.04
- Movable Type 4.35( with Professional Pack, Community Pack)
- Movable Type 5.04( with Professional Pack, Community Pack)
- Movable Type Enterprise 4.35
Lina Kochovska on September 4, 2012, 3:51 a.m. Reply
I see that this updates are mandatory, but what will happen if I don’t do it for some reason - I forgot or I haven’t been able to. Do I have any other protection or …?
sinrex on September 4, 2012, 10:29 a.m. Reply
I once got hacked while using a version of MT 5.xx. I guess it was probably something to do with this - before the updates of course.
Jeremy Hannigan on September 11, 2012, 3:25 a.m. Reply
Hi Mihai, may I ask you why do you update your demo version with just security updates of MT? They have nothing in common with the functionality of the platform.
Bernadet on October 3, 2012, 11:16 a.m. Reply
What does it mean that the attacker could read or modify the contents in the system. Is it possible to modify my administrative files?
obtenir des likes on October 13, 2012, 12:56 a.m. Reply
There isn’t an editor that would allow this on a Mac, too, regarding the custom fields. At least none I’m aware of. Seeing your post is from 2009 (HELLO FROM THE FUTURE), your choices should be able to handle the rest.
rencontre gratuite on October 13, 2012, 6:39 a.m. Reply
Should it really make updates? Anyway thank you for your blog. Regards Fabrice
rencontre gratuite on October 13, 2012, 8:55 a.m. Reply
hello, are you there on mac? or iphone? I can not install
jobroni on November 6, 2012, 1:42 a.m. Reply
Cheerz for this guys
beijing massage on November 13, 2012, 12:36 a.m. Reply
Thanks, now everything is more secured. by the way The installation guide is a tad confusing for a newbie like me