Adobe patches Flash, Shockwave and ColdFusion

Adobe patches Flash, Shockwave and ColdFusion

Summary: Adobe has released a series of patches to close vulnerabilities that could allow malicious code to be executed, as well as other unwanted behaviour.

SHARE:
TOPICS: Security
3

Adobe has released a series of patches for its ColdFusion, and its Shockwave and Flash players.

The patches, released yesterday, address a series of issues in Adobe Flash Player, an integer overflow vulnerability and a memory corruption flaw that allows code to be executed. A separate memory corruption vulnerability caused by Flash player improperly initialising memory pointer arrays that allows code to be executed has also been fixed.

adobe-logo
Adobe has released a series of security patches for Flash Player, Shockwave and ColdFusion.

The vulnerabilities affect Adobe Flash Player version 11.6.602.180 and earlier for Windows and Mac, Adobe Flash Player version 11.2.202.275 and earlier for Linux, Adobe Flash Player version 11.1.115.48 and earlier for Android 4.x, and Adobe Flash Player version 11.1.111.44 and earlier versions for Android 3.x and 2.x.

Adobe recommends Windows users of Flash Player install the update as soon as possible, as there is a higher risk of the flaw being exploited than on other platforms.

Patches have also been released for Adobe Shockwave Player, fixing a buffer overflow hole and two memory corruption vulnerabilities that allowed code to be executed, as well as a memory leakage vulnerability that could be exploited to reduce the effectiveness of address space randomisation.

The vulnerabilities affect Adobe Shockwave Player version 12.0.0.112 and earlier on the Windows and Mac.

Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to the newest version 12.0.2.122, available here.

A separate hotfix fixes a vulnerability in the ColdFusion application server that could be exploited by an unauthorised user to gain access to the ColdFusion administrator console, and a flaw that could be exploited to impersonate an authenticated user.

The flaws affect ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Mac and UNIX.

Adobe recommends ColdFusion customers update their installation using the instructions provided here.

Topic: Security

About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • HTML5, anybody?

    Get rid of this Flash plug-in garbage once and for all.
    CaviarGreen
  • Leaky dike

    Meet finger.
    JustCallMeBC
  • finger

    meet stuck
    CaviarGreen