Sunday, July 14, 2013

Adobe Critical Security Updates:
Flash Player v11.8.800.94
Shockwave Player v12.0.3.133
ColdFusion 10 Hotfix v11

--

On 2013-07-09 Adobe released critical security patches for Flash Player, Shockwave Player and ColdFusion 10. The Adobe security bulletins are available here:

http://www.adobe.com/support/security/

Adobe Flash Player v11.8.800.94 patches three CVE security issues:
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-3344).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-3345).

These updates resolve an integer overflow when resampling a user-supplied PCM buffer (CVE-2013-3347). 
All three security issues involve the usual bad memory management.

Shockwave Player v12.0.3.133 patches one CVE issue:
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-3348).
Again, the security issue involves bad memory management.

ColdFusion 10 Hotfix 11 patches one CVE issue:
The hotfix for ColdFusion 10 for Windows, Macintosh and Linux resolves a vulnerability that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets (CVE-2013-3350). 
Happily, no update is required for current versions of Adobe AIR, Acrobat or Reader. Hurray.

~~~~~~~

That's it for last week's security updates! It looks like the malware rats are taking a vacation from attacking OS X users. Instead, the rats are focusing on Android vulnerabilities:

99% of all mobile threats target Android devices

New Android Vulnerability Affects 99% of Devices

Google quickly patches the '99%' Android malware hole, ball is now in phone makers court

Five simple ways to avoid Android malware

I think I'll stick with iOS devices. I'm not keen on reliving my days as a Windows OS security victim by way of Android OS. Just saying! No flame comments required. (^_^)

--

No comments:

Post a Comment