Adobe updates Flash Player and Cold Fusion
Adobe has released updates for Flash and AIR which include high priority fixes for Flash Player on Windows. The priority 1 for the flaw indicates that the vulnerabilities are being actively exploited in the wild. Three vulnerabilities are addressed including a buffer overflow, an integer overflow and a memory corruption problem, all of which can, Adobe says, lead to code execution. The Flash updates and their sources are detailed below:
|Platform||Version||Source for update|
|Mac OS X||11.5.502.136||Adobe|
|Android 4.x||184.108.40.206||Automatically from Google Play (only for devices running Flash before 15 August 2012)|
|Android 3.x/2.x||220.127.116.11||Automatically from Google Play (only for devices running Flash before 15 August 2012)
|Google Chrome||18.104.22.168||Google (Chrome automatically installs updates)|
|IE 10 (Windows 8 and Server 2012)||11.3.377.15||Windows Update|
The updates for Flash Player also result in updates to Adobe's AIR, which includes the player; Adobe AIR 22.214.171.1240 and earlier is affected and should be updated to Adobe AIR 126.96.36.1990 on Windows and 188.8.131.520 on Mac OS X, available from the download centre. AIR SDK users should update to Adobe AIR SDK 184.108.40.2060 on Windows or SDK 220.127.116.110 on Mac OS X available from the SDK download centre. Updates for Android devices are available through Google Play or from the Amazon Marketplace.
Adobe also released a security hotfix for ColdFusion 10, rated as an important fix which is not currently being exploited in the wild. The fix is available for Windows, Mac OS X and UNIX. The vulnerability allowed for violations of the sandbox in shared hosting environments. Installation instructions for the Hotfix are available for ColdFusion 10, 9.0, 9.01 and 9.0.2.