Adobe patches Flash, ColdFusion vulnerabilities

Critical vulnerabilities in Flash on Windows, Mac and Linux expose users to attack.

Today Adobe issued updates for the Flash Player on Windows, Mac and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated. At the same time the company issued a security hotfix for ColdFusion, their web application platform.

Adobe says that these updates are unrelated to the recent theft of ColdFusion source code.

Flash Player version 11.9.900.117 and earlier for Windows and Macintosh and version and earlier for Linux are affected by the two vulnerabilities being fixed. The flaws on Windows and Mac are rated Critical, for allowing remote code execution, but Adobe is not aware of them being exploited in the wild.

The new versions on Windows and Mac are 11.9.900.152 and 11.7.700.252. The new Linux version is and the new version of AIR is New versions of the Flash Player and AIR may be downloaded from the Adobe web site. Users of Google Chrome will get updates from Google. Users of Windows 8 will get Internet Explorer updates directly from Microsoft.

Adobe has also release a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux. The hotfix addresses two vulnerabilities: one is a cross-site scripting vulnerability, the other could allow unauthorized remote read access. The update and instructions for installing it may be found here at