Adobe has released a series of patches for its ColdFusion, and its Shockwave and Flash players.
The patches, released yesterday, address a series of issues in Adobe Flash Player, an integer overflow vulnerability and a memory corruption flaw that allows code to be executed. A separate memory corruption vulnerability caused by Flash player improperly initialising memory pointer arrays that allows code to be executed has also been fixed.
The vulnerabilities affect Adobe Flash Player version 11.6.602.180 and earlier for Windows and Mac, Adobe Flash Player version 220.127.116.115 and earlier for Linux, Adobe Flash Player version 18.104.22.168 and earlier for Android 4.x, and Adobe Flash Player version 22.214.171.124 and earlier versions for Android 3.x and 2.x.
Adobe recommends Windows users of Flash Player install the update as soon as possible, as there is a higher risk of the flaw being exploited than on other platforms.
Patches have also been released for Adobe Shockwave Player, fixing a buffer overflow hole and two memory corruption vulnerabilities that allowed code to be executed, as well as a memory leakage vulnerability that could be exploited to reduce the effectiveness of address space randomisation.
The vulnerabilities affect Adobe Shockwave Player version 126.96.36.199 and earlier on the Windows and Mac.
Adobe recommends users of Adobe Shockwave Player 188.8.131.52 and earlier versions update to the newest version 184.108.40.206, available here.
A separate hotfix fixes a vulnerability in the ColdFusion application server that could be exploited by an unauthorised user to gain access to the ColdFusion administrator console, and a flaw that could be exploited to impersonate an authenticated user.
The flaws affect ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Mac and UNIX.
Adobe recommends ColdFusion customers update their installation using the instructions provided here.