Adobe unleases critical patches for ColdFusion, Reader and Flash
Adobe has released fixes for dozens of critical security flaws affecting ColdFusion, Reader, Acrobat and Flash Player.
Adobe's Patch Tuesday-synced scheduled security updates for Flash Player this month include fixes for 13 critical flaws with updates available for Windows, Mac, Linux and Android as well as updates for Adobe Air.
Flash Player version 11.7.700.202 fixes flaws in version 11.7.700.169 and earlier on Windows and Mac, while the Flash on Linux at 11.2.202.280 or below should update to 11.2.202.285.
Adobe recommends administrators update Windows with particular urgency, since exploits for the vulnerabilities affecting Flash on the platform could be expected to appear within 72 hours. Exploits for Flash on Macs are the second priority and could have working exploits in 30 days.
Flash will automatically update with the latest versions of Chrome and Internet Explorer 10 on Windows 8/RT systems.
Adobe has also released a critical hotfix for two flaws in its web application platform ColdFusion 9 and 10. It includes last week's emergency fix for a flaw that was being used to attack ColdFusion customers.
"Customers should also apply the security configuration settings as outlined on the ColdFusion Security page, as well as review the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide," Adobe said.
A ColdFusion flaw was recently used in an attack on the Washington state court, which may have exposed as many as 160,000 Social Security Numbers.
The update for Adobe's Acrobat and Reader products include fixes for 27 critical flaws. The highest priority update is for Acrobat and Reader 9 on Windows, which updates to 9.5.5.
Windows and Mac users running Acrobat and Reader XI (11.0.02) should update to version 11.0.03, while Windows and Mac users on Acrobat and Reader X (10.1.6) who cannot update to the latest version of XI can update to Acrobat and Reader X 10.1.7. Reader 9.5.4 on Linux should be updated to 9.5.5.