Adobe Fixes Flash, ColdFusion Holes

Wednesday, September 12, 2018 @ 07:09 PM gHale

Adobe’s Patch Tuesday fixes 10 vulnerabilities in Flash Player and ColdFusion.

Only one security hole has been patched in Flash Player. Version 31.0.0.108 fixes CVE-2018-15967, a privilege escalation issue that can lead to information disclosure.

RELATED STORIES
Patch Tuesday Clears Zero Day
Windows 10 Zero Day Discovered
Hackers Leverage Patched Vulnerability
Lessons Learned One Year After Triton

The vulnerability, reported to Adobe by Microsoft’s Security Response Center, has been rated “important” with a priority rating of 2.

Nine vulnerabilities ended up fixed in ColdFusion, including deserialization holes that can end up leveraged for arbitrary code execution. An unrestricted file upload bug that can lead to code execution has also been classified as critical.

Another critical issue is the use of an unnamed component that has a known vulnerability. The flaw can allow an attacker to overwrite arbitrary files.



Leave a Reply

You must be logged in to post a comment.