Tuesday, May 14, 2013

New CRITICAL Adobe Security Updates:
Flash Player 11.7.700.202,
AIR and
Cold Fusion 'Hotfix' updates for v9.x and v10

[Note added 2013-05-21 at 9:07 AM ET: Adobe released another update of Flash Player, v11.7.700.203, on May 21, 2013. At the moment there are NO release notes about this version at Adobe.com. Groan. If I find any security patches included in this version, I'll be writing it up in a separate article further up the blog. -->Give us a break Adobe.]

As scheduled, Adobe has provided security updates for Flash Player, AIR and ColdFusion. They have also provided updated Security Bulletins. All links are provided below.

Adobe Flash Player and AIR Security Bulletin:

Adobe Flash Player 11.7.700.202:

Adobe AIR 3.7:

13 security vulnerabilities have been patched:
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335).

Adobe ColdFusion Hotfix Security Bulletin:

Instructions for installing ColdFusion updates:

5 security vulnerabilities, including 1 that is currently being exploited in-the-wild, have been patched:
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.  This hotfix addresses a vulnerability (CVE-2013-1389) that could permit remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server. 

Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" section above.

This hotfix resolves a vulnerability that could be exploited by a remote, unauthorized user to run arbitrary code on a system running ColdFusion (CVE-2013-1389).

This hotfix resolves a vulnerability that could permit an unauthorized user to remotely retrieve files stored on the server (CVE-2013-3336).


No comments:

Post a Comment