Adobe patches Flash, Shockwave and ColdFusion

Summary:Adobe has released a series of patches to close vulnerabilities that could allow malicious code to be executed, as well as other unwanted behaviour.

Adobe has released a series of patches for its ColdFusion, and its Shockwave and Flash players.

The patches, released yesterday, address a series of issues in Adobe Flash Player, an integer overflow vulnerability and a memory corruption flaw that allows code to be executed. A separate memory corruption vulnerability caused by Flash player improperly initialising memory pointer arrays that allows code to be executed has also been fixed.

Adobe has released a series of security patches for Flash Player, Shockwave and ColdFusion.

The vulnerabilities affect Adobe Flash Player version 11.6.602.180 and earlier for Windows and Mac, Adobe Flash Player version and earlier for Linux, Adobe Flash Player version and earlier for Android 4.x, and Adobe Flash Player version and earlier versions for Android 3.x and 2.x.

Adobe recommends Windows users of Flash Player install the update as soon as possible, as there is a higher risk of the flaw being exploited than on other platforms.

Patches have also been released for Adobe Shockwave Player, fixing a buffer overflow hole and two memory corruption vulnerabilities that allowed code to be executed, as well as a memory leakage vulnerability that could be exploited to reduce the effectiveness of address space randomisation.

The vulnerabilities affect Adobe Shockwave Player version and earlier on the Windows and Mac.

Adobe recommends users of Adobe Shockwave Player and earlier versions update to the newest version, available here.

A separate hotfix fixes a vulnerability in the ColdFusion application server that could be exploited by an unauthorised user to gain access to the ColdFusion administrator console, and a flaw that could be exploited to impersonate an authenticated user.

The flaws affect ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Mac and UNIX.

Adobe recommends ColdFusion customers update their installation using the instructions provided here.

Topics: Security


Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.