Menu
Adobe releases critical security updates for Reader, Flash Player and ColdFusion

Adobe releases critical security updates for Reader, Flash Player and ColdFusion

One of the patched ColdFusion flaws is already targeted by attackers

Adobe has released scheduled security updates for its Reader, Acrobat, Flash Player and ColdFusion products on Tuesday in order to fix many critical vulnerabilities, including one that is already actively exploited by attackers.

The Adobe Reader and Acrobat updates include fixes for 27 vulnerabilities, 24 of which could lead to arbitrary code execution if exploited successfully. One of the other flaws could allow attackers to bypass the sandbox protection in Adobe Reader, the company said in a security advisory.

The sandbox mechanism is a feature first introduced in Adobe Reader X that's designed to prevent the successful execution of malicious code on the underlying system even if a traditional arbitrary code execution vulnerability is exploited.

Adobe advises Reader and Acrobat users to update their product installations to the newly released versions: Adobe Reader XI (11.0.03), Adobe Reader X (10.1.7) and Adobe Reader 9.5.5 for Windows and Mac; Adobe Reader 9.5.5 for Linux; Adobe Acrobat XI (11.0.03), Adobe Acrobat X (10.1.7) and Adobe Acrobat 9.5.5 for Windows and Mac.

The security updates released for Flash Player address a total of 13 vulnerabilities that could cause crashes and potentially allow attackers to take control of the affected systems.

Users of Flash Player for Windows and Macintosh should update to Flash Player 11.7.700.202, while users of Flash Player for Linux should update to Flash Player 11.2.202.285, Adobe said in a security advisory.

The Flash Player versions bundled with Google Chrome on Windows and Internet Explorer 10 will be automatically updated together with those browsers through their respective update mechanisms.

The company also released updates for Adobe AIR, a runtime for running rich Internet applications that includes Flash Player, as well as for Flash Player for Android 4.x, 3.x and 2.x.

Adobe is not aware of any exploits or attacks in the wild targeting any of the issues addressed in the security updates for Adobe Reader, Acrobat and Flash Player, the company said in a note about the new security updates sent Tuesday via email.

A security hotfix has also been released for versions 10, 9.0.2, 9.0.1, and 9.0 of Adobe's ColdFusion application server software. This hotfix address two flaws, a remote code execution one and one that could allow an unauthorized user to remotely retrieve files stored on a vulnerable server.

The company warned ColdFusion users about the second vulnerability, identified as CVE-2013-3336, last week after receiving reports of the flaw being actively exploited by attackers.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags patchesAdobe SystemsExploits / vulnerabilities

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments