Adobe issues patches for Flash, Air, ColdFusion

Adobe today issued three high-priority patches for its multimedia products, Flash player and media server, and ColdFusion.

The Flash updates it marked as "critical" while the other was "important", Adobe said.

The Flash player patch fixes a flaw that could have allowed an attacker to take control of an affected system. Adobe recommended that users of software before version 10.1.53.64 update to 10.1.82.76 while those using versions of Air before 2.0.2.12610 update to 2.0.3.

Although it was unaware of exploits for flaws in its Flash media server, Adobe said users of versions 3.0.5 and 3.5.3 should update to 3.0.6 and 3.5.4, respectively.

"One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system," Adobe wrote.

And it recommended users of ColdFusion 9.0.1 and earlier versions for Windows, OS X and Unix update to avoid a "directory traversal vulnerability [that] could lead to information disclosure".

Adobe next week will fix a flaw in its PDF reader software revealed at the Black Hat conference last month. The issuing of the patch "out-of-band" (outside its scheduled fixes) reflected the seriousness of the vulnerabilty.

It was caused by an integer overflow error in how the PDF viewer handles fonts. An attacker could corrupt memory using a PDF file to execute code.

Separately, Microsoft today issued 14 patches, eight 'critical', to cover 34 vulnerabilities - a record for the software company - covering its Windows, Office, Internet Explorer, Silverlight, XML Core Services and server message block products.