Friday, December 9, 2016

New CRITICAL Adobe Security Updates Flash Player 11 7 700 202 AIR 3 7 0 1860 and Cold Fusion Hotfix updates for v9 x and v10

New CRITICAL Adobe Security Updates Flash Player 11 7 700 202 AIR 3 7 0 1860 and Cold Fusion Hotfix updates for v9 x and v10


-
[Note added 2013-05-21 at 9:07 AM ET: Adobe released another update of Flash Player, v11.7.700.203, on May 21, 2013. At the moment there are NO release notes about this version at Adobe.com. Groan. If I find any security patches included in this version, Ill be writing it up in a separate article further up the blog. -->Give us a break Adobe.]

As scheduled, Adobe has provided security updates for Flash Player, AIR and ColdFusion. They have also provided updated Security Bulletins. All links are provided below.

Adobe Flash Player and AIR Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-14.html

Adobe Flash Player 11.7.700.202:
http://get.adobe.com/flashplayer/

Adobe AIR 3.7:
http://get.adobe.com/air/

13 security vulnerabilities have been patched:
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335).

Adobe ColdFusion Hotfix Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-13.html

Instructions for installing ColdFusion updates:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html

5 security vulnerabilities, including 1 that is currently being exploited in-the-wild, have been patched:
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.  This hotfix addresses a vulnerability (CVE-2013-1389) that could permit remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server. 

Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" section above.

This hotfix resolves a vulnerability that could be exploited by a remote, unauthorized user to run arbitrary code on a system running ColdFusion (CVE-2013-1389).

This hotfix resolves a vulnerability that could permit an unauthorized user to remotely retrieve files stored on the server (CVE-2013-3336).

--

Go to link Download