Adobe to close ColdFusion holes

By

Patches Reader and Acrobat.

Adobe next week plans to patch its ColdFusion application server to close three vulnerabilities.

Adobe to close ColdFusion holes

The company said in an advisory that attackers were actively exploiting the bugs, which could allow an adversary to take control of the targeted server, gain increased access or steal information.

Two of the flaws, however, only affected customers that lacked password protection.

The hotfix, set to be issued 15 January, will update ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 running on Windows, Macintosh and Unix.

Meanwhile, Adobe on Tuesday expects to push out normally scheduled updates for its Reader and Acrobat software (versions 11.0 and earlier) to coincide with Microsoft's planned patches.

Adobe did not say how many vulnerabilities will be patched, but a spokeswoman said the company was not aware of any being exploited in the wild.

Last year, Australian services provider Melbourne IT pinned a series of security breaches on an unpatched ColdFusion vulnerability.

Hackers purporting to be from a Anonymous splinter group exploited the vulnerability to deface nine Queensland Government websites and steal a 40GB trove of data from corporate ISP AAPT.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?