Adobe has released updates for Flash Player and the ColdFusion web platform. The updates fix three critical vulnerabilities in Flash Player on all platforms, as well as in the AIR Runtime and SDK. The new versions of ColdFusion fix three lower-priority vulnerabilities.
The table below lists the affected and fixed versions of Flash Player and AIR:
|Product|Affected versions|Platform|Fixed version|
|---|---|---|---|
|Adobe Flash Player Desktop Runtime|126.96.36.199 and earlier|Windows and Macintosh|188.8.131.52|
|Adobe Flash Player Extended Support Release|184.108.40.206 and earlier|Windows and Macintosh|220.127.116.11|
|Adobe Flash Player for Google Chrome|18.104.22.168 and earlier|Windows, Macintosh and Linux|Google provides|
|Adobe Flash Player for Internet Explorer 10 and Internet Explorer 11|22.214.171.124 and earlier|Windows 8.0 and 8.1|Microsoft provides|
|Adobe Flash Player|126.96.36.1996 and earlier|Linux|188.8.131.521|
|Adobe AIR Desktop Runtime|184.108.40.206 and earlier|Windows and Macintosh|220.127.116.113|
|Adobe AIR SDK|18.104.22.168 and earlier|Windows, Macintosh and iOS|22.214.171.1242|
|Adobe AIR SDK|126.96.36.199 and earlier|Android|188.8.131.523|
|Adobe AIR SDK and Compiler|184.108.40.206 and earlier|Windows, Macintosh, Android, and iOS|220.127.116.112|
To check the version of Flash Player you are running, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu.
Later today, Microsoft will release a new version of Internet Explorer, which has had Flash Player integrated since version 10, fixing this and other vulnerabilities. Google has already begun to release new versions of Chrome with the fixed Flash Player.
New hotfixes for ColdFusion address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. The hotfix also fixes cross-site scripting and cross-site request forgery vulnerabilities.
To patch the vulnerabilities, ColdFusion admins should upgrade to the appropriate hotfix version:
|ColdFusion Version|Hotfix Version|Platform|Fixed Version|
|---|---|---|---|