Adobe patches Flash, ColdFusion vulnerabilities

Summary:Critical vulnerabilities in Flash on Windows, Mac and Linux expose users to attack.

Today Adobe issued updates for the Flash Player on Windows, Mac and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated. At the same time the company issued a security hotfix for ColdFusion, their web application platform.

Adobe says that these updates are unrelated to the recent theft of ColdFusion source code.

Flash Player version 11.9.900.117 and earlier for Windows and Macintosh and version 11.2.202.310 and earlier for Linux are affected by the two vulnerabilities being fixed. The flaws on Windows and Mac are rated Critical, for allowing remote code execution, but Adobe is not aware of them being exploited in the wild.

The new versions on Windows and Mac are 11.9.900.152 and 11.7.700.252. The new Linux version is 11.2.202.327 and the new version of AIR is 3.9.0.1210. New versions of the Flash Player and AIR may be downloaded from the Adobe web site. Users of Google Chrome will get updates from Google. Users of Windows 8 will get Internet Explorer updates directly from Microsoft.

Adobe has also release a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux. The hotfix addresses two vulnerabilities: one is a cross-site scripting vulnerability, the other could allow unauthorized remote read access. The update and instructions for installing it may be found here at http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-27.html.

Topics: Security

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.