10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Adobe released critical security patches for its ColdFusion web application server and Adobe Flash Player for Mac, Windows and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated.
These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system, dubbed as CVE-2013-5329, CVE-2013-5330.
The following software versions are affected and should be updated as soon as possible:
Adobe has also released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux, addresses two vulnerabilities:
Both products have been patched multiple times this year. In January four critical vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632) were exploited by hackers to access and steal sensitive data stored on the servers.
In May, Hackers used these flaws to breach Washington stateβs Administrative Office of the Courts. In that hack hackers accessed as many as 160,000 Social Security numbers and up to one million drivers license number.
HotFix (APSB13-26) for Adobe Flash Player and (APSB13-27) for Adobe ColdFusion are available for Download. Install the appropriate Adobe patches immediately, or let the Adobeβs updater do it for you.
Found this article interesting? Follow us on Twitter ο and LinkedIn to read more exclusive content we post.