Adobe patches Flash Player and ColdFusion

Updates fix three critical vulnerabilities in Flash Player and ColdFusion. None are known to be exploited in the wild.

Adobe has released updates for Flash Player and the ColdFusion web platform. The updates fix three critical vulnerabilities in Flash Player on all platforms, as well as in the AIR Runtime and SDK. The new versions of ColdFusion fix three lower-priority vulnerabilities.

The table below lists the affected and fixed versions of Flash Player and AIR:

| Product | Affected versions | Platform | Fixed version |
|---|---|---|---|
| Adobe Flash Player Desktop Runtime | 15.0.0.167 and earlier | Windows and Macintosh | 15.0.0.189 |
| Adobe Flash Player Extended Support Release | 13.0.0.244 and earlier | Windows and Macintosh | 13.0.0.250 |
| Adobe Flash Player for Google Chrome | 15.0.0.152 and earlier | Windows, Macintosh and Linux | Google provides |
| Adobe Flash Player for Internet Explorer 10 and Internet Explorer 11 | 15.0.0.167 and earlier | Windows 8.0 and 8.1 | Microsoft provides |
| Adobe Flash Player | 11.2.202.406 and earlier | Linux | 11.2.202.411 |
| Adobe AIR Desktop Runtime | 15.0.0.249 and earlier | Windows and Macintosh | 15.0.0.293 |
| Adobe AIR SDK | 15.0.0.249 and earlier | Windows, Macintosh and iOS | 15.0.0.302 |
| Adobe AIR SDK | 15.0.0.252 and earlier | Android | 15.0.0.293 |
| Adobe AIR SDK and Compiler | 15.0.0.249 and earlier | Windows, Macintosh, Android, and iOS | 15.0.0.302 |

To check the version of Flash Player you are running, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu.

Later today, Microsoft will release a new version of Internet Explorer, which has had Flash Player integrated since version 10, fixing these and other vulnerabilities. Google has already begun to release new versions of Chrome with the fixed Flash Player.

New hotfixes for ColdFusion address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. The hotfix also fixes cross-site scripting and cross-site request forgery vulnerabilities.

To patch the vulnerabilities, ColdFusion admins should upgrade to the appropriate hotfix version:

| ColdFusion Version | Hotfix Version | Platform | Fixed Version |
|---|---|---|---|
| 11 | Update 2 | All | 2 |
| 10 | Update 14 | All | 2 |
| 9.0.2 | Update 7 | All | 2 |
| 9.0.1 | Update 12 | All | 2 |
| 9.0 | Update 13 | All | 2 |
