-[Note added 2013-05-21 at 9:07 AM ET: Adobe released another update of Flash Player, v11.7.700.203, on May 21, 2013. At the moment there are NO release notes about this version at Adobe.com. Groan. If I find any security patches included in this version, I'll be writing it up in a separate article further up the blog. -->Give us a break Adobe.]
As scheduled, Adobe has provided security updates for Flash Player, AIR and ColdFusion. They have also provided updated Security Bulletins. All links are provided below.
Adobe Flash Player 11.7.700.202:
Adobe AIR 3.7:
13 security vulnerabilities have been patched:
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335).
Adobe ColdFusion Hotfix Security Bulletin:
Instructions for installing ColdFusion updates:
5 security vulnerabilities, including 1 that is currently being exploited in-the-wild, have been patched:
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could permit remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server.
Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" section above.
This hotfix resolves a vulnerability that could be exploited by a remote, unauthorized user to run arbitrary code on a system running ColdFusion (CVE-2013-1389).
This hotfix resolves a vulnerability that could permit an unauthorized user to remotely retrieve files stored on the server (CVE-2013-3336).