Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities

Adobe released critical security patches for its ColdFusion web application server and Adobe Flash Player for Mac, Windows and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated.

These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system, dubbed as CVE-2013-5329, CVE-2013-5330.

The following software versions are affected and should be updated as soon as possible:

• Adobe Flash Player 11.9.900.117 and earlier versions for Mac and Windows
• Adobe Flash Player 11.2.202.310 and earlier versions for Linux
• Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh

Adobe has also released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux, addresses two vulnerabilities:

• Cross-site scripting (XSS) vulnerability (CVE-2013-5326)
• Allow unauthorized remote read access (CVE-2013-5328)

Both products have been patched multiple times this year. In January four critical vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632) were exploited by hackers to access and steal sensitive data stored on the servers.

In May, Hackers used these flaws to breach Washington state’s Administrative Office of the Courts. In that hack hackers accessed as many as 160,000 Social Security numbers and up to one million drivers license number.

HotFix (APSB13-26) for Adobe Flash Player and (APSB13-27) for Adobe ColdFusion are available for Download. Install the appropriate Adobe patches immediately, or let the Adobe’s updater do it for you.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.