Adobe Flash Player v11.8.800.94 patches three CVE security issues:
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-3344).All three security issues involve the usual bad memory management.
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-3345).
These updates resolve an integer overflow when resampling a user-supplied PCM buffer (CVE-2013-3347).
Shockwave Player v188.8.131.52 patches one CVE issue:
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-3348).Again, the security issue involves bad memory management.
ColdFusion 10 Hotfix 11 patches one CVE issue:
The hotfix for ColdFusion 10 for Windows, Macintosh and Linux resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets (CVE-2013-3350).
Happily, no update is required for current versions of Adobe AIR, Acrobat or Reader. Hurray.
That's it for last week's security updates! It looks like the malware rats are taking a vacation from attacking OS X users. Instead, the rats are focusing on Android vulnerabilities:
99% of all mobile threats target Android devices
I think I'll stick with iOS devices. I'm not keen on reliving my days as a Windows OS security victim by way of Android OS. Just saying! No flame comments required. (^_^)