Adobe Fixes Security Issues

Monday, November 23, 2015 @ 03:11 PM gHale

Adobe addressed security issues affecting its ColdFusion, LiveCycleDS, and Adobe Premiere Clip products.

The first fix was for Adobe ColdFusion that takes care of two input validation issues that could end up used in reflected cross-site scripting attacks.

Flash a Top Attack Tool
Fixed Flash Zero Day in Exploit Kits
Adobe Mitigates Shockwave Holes
Emergency Flash Update Nabs Zero Day

The hotfix also includes an updated version of BlazeDS that resolves an  important  server-side request forgery vulnerability, Adobe said. Versions ColdFusion 11 (Update 6 and earlier) and ColdFusion 10 (update 17 and earlier) suffer from the issue.

Security updates for Adobe LifeCycle Data Services also went out that include a fixed version of BlazeDS that also resolves a server-side request forgery vulnerability. The vulnerability, which garnered a priority rating of 2, can end up patched with a fix that handles the issue with the parsing of crafted XML documents that could expose affected systems to server side request forgery attacks.

Rounding out the list of patches released by the software firm is an update for Premiere Clip for iOS, which addresses an input validation issue in the mobile application that allows iOS users to create and edit videos on their iPhone or iPad. Adobe assigned the vulnerability a priority rating of 3.

While Adobe said it is not aware of any exploits abusing the issues, users should update their software installations to the latest versions.