Adobe issues patches for Flash, Air, ColdFusion

By

Fixes flaws in popular client and server software.

Adobe today issued three high-priority patches for its multimedia products, Flash player and media server, and ColdFusion.

Adobe issues patches for Flash, Air, ColdFusion

The Flash updates it marked as "critical" while the other was "important", Adobe said.

The Flash player patch fixes a flaw that could have allowed an attacker to take control of an affected system. Adobe recommended that users of software before version 10.1.53.64 update to 10.1.82.76 while those using versions of Air before 2.0.2.12610 update to 2.0.3.

Although it was unaware of exploits for flaws in its Flash media server, Adobe said users of versions 3.0.5 and 3.5.3 should update to 3.0.6 and 3.5.4, respectively.

"One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system," Adobe wrote.

And it recommended users of ColdFusion 9.0.1 and earlier versions for Windows, OS X and Unix update to avoid a "directory traversal vulnerability [that] could lead to information disclosure".

Adobe next week will fix a flaw in its PDF reader software revealed at the Black Hat conference last month. The issuing of the patch "out-of-band" (outside its scheduled fixes) reflected the seriousness of the vulnerabilty.

It was caused by an integer overflow error in how the PDF viewer handles fonts. An attacker could corrupt memory using a PDF file to execute code.

Separately, Microsoft today issued 14 patches, eight 'critical', to cover 34 vulnerabilities - a record for the software company - covering its Windows, Office, Internet Explorer, Silverlight, XML Core Services and server message block products.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?