In association with heise online

10 July 2013, 11:49

Adobe fixes Flash Player, Shockwave and ColdFusion

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe Security

Adobe has released security updates for its Flash Player and Shockwave Player products as well as hotfixes for ColdFusion. The updates close critical vulnerabilities. Of the holes in ColdFusion, one is "Critical", while the other is "important".

The patches for Flash Player fix security holes that allowed potential attackers to trigger crashes and take control of affected systems. Windows and Mac users should update to version 11.8.800.94. An update to version is available for Linux. The versions of Flash Player for Google Chrome (11.8.800.97) and for Internet Explorer 10 (11.8.800.94) should update automatically. Recent Android 4.x systems can be made current by updating to (Adobe unsupported archive downloadDirect download). Older versions of Android such as 3.x and 2.x should be updated to version of Flash Player (Adobe unsupported archive downloadDirect download).

The security hole in Adobe's Shockwave also enables attackers to execute malicious code on a system. Windows and Mac OS X users can fix their players by updating to version

A total of two vulnerabilities that can now be hotfixed have been lurking in Adobe's ColdFusion. In ColdFusion 10 for Windows, Mac OS X and Linux, security hole CVE-2013-3350 enables attackers to "invoke public methods on ColdFusion Components using WebSockets". Security hole CVE-2013-3349 in ColdFusion versions 9.0, 9.0.1 and 9.0.2 that run on JRun could trigger Denial-of-Service (DoS) scenarios. This hole doesn't affect ColdFusion 10.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit