Adobe Fixes Flash Player, ColdFusion

Monday, November 18, 2013 @ 07:11 PM gHale


Adobe has been under fire this year for vulnerabilities, and the most recent fix to Flash Player is no different as it fixes security holes that could lead to compromise of the targeted system.

The new Flash Player 11.9.900.152 eliminates two memory corruption vulnerabilities (CVE-2013-5329 and CVE-2013-5330) that would allow an attacker to execute malicious native code on the targeted machine surreptitiously.

RELATED STORIES
Adobe Hack Bigger than Thought
Adobe Hacked, Source Code Leaked
Too Small for an Attack? Think Again
2 Teens Busted in Separate DDoS Attacks

Adobe labeled both security updates as critical and have the highest priority rating (1) on Windows and Mac. This means administrators should install the latest version in the shortest time possible.

The company did not provide any information about possible exploitation of the vulnerabilities.

Adobe released a security hotfix for ColdFusion as well, for versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and Linux.

The patch addresses a flaw (reflected cross site scripting – CVE-2013-5326) that an attacker could leverage remotely when the CFIDE directory ends up exposed (in ColdFusion 10 and earlier).

Another security hole plugged by the ColdFusion hotfix would allow unauthorized remote read access.



Leave a Reply

You must be logged in to post a comment.