Adobe Updates Flash, Shockwave, ColdFusion

Wednesday, July 10, 2013 @ 11:07 AM gHale


Not only does Microsoft enjoy Patch Tuesday, but so does Adobe as the company released security updates for its Flash Player and Shockwave Player products as well as hotfixes for ColdFusion.

The security updates close critical vulnerabilities. Of the hotfixes for ColdFusion, one rated as “Critical,” while the other “important.”

RELATED STORIES
Adobe Fills Hole in Flash, AIR
Adobe in Patch Mode
PDF Hole Used in APT Attacks
Reader PDF Tracking Bug

The patches for Flash Player fix security holes that allowed potential attackers to trigger crashes and take control of affected systems. Windows and Mac users should update to version 11.8.800.94. An update to version 11.2.202.297 is available for Linux. The versions of Flash Player for Google Chrome (11.8.800.97) and for Internet Explorer 10 (11.8.800.94) should update automatically. Recent Android 4.x systems can become current by updating to 11.1.115.69. Older versions of Android such as 3.x and 2.x should update to version 11.1.111.64 of Flash Player.

The security hole in Adobe’s Shockwave also enables attackers to execute malicious code on a system. Windows and Mac OS X users can fix their players by updating to version 12.0.3.133.

Two hotfixed vulnerabilities were in Adobe’s ColdFusion. In ColdFusion 10 for Windows, Mac OS X and Linux, security hole CVE-2013-3350 enables attackers to “invoke public methods on ColdFusion Components using WebSockets.” Security hole CVE-2013-3349 in ColdFusion versions 9.0, 9.0.1 and 9.0.2 that run on JRun could trigger Denial-of-Service (DoS) scenarios. This hole doesn’t affect ColdFusion 10.



Leave a Reply

You must be logged in to post a comment.