ID: IRCNE2013041813
Date: 2013-04-10
According to "threatpost", Adobe published its monthly security bulletins today, pushing out updates that address issues in the company’s ColdFusion platform as well as its Flash and Shockwave Players.
The first bulletin provides a hotfix for Adobe’s ColdFusion platform, resolving anonymously reported flaws that could allow attackers to impersonate authenticated users or gain unauthorized access to the ColdFusion administrator console in versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX.
The vulnerabilities addressed are considered important ones in terms of severity, meaning that they could be exploited to compromise data security, sensitive information, or user resources.
The second bulletin closes crash-causing vulnerabilities in a laundry list of Adobe Flash Player versions for various operating systems. An attacker could also potentially exploit these in order to wrest control of affected systems.
Affected software includes: Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x, Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android, and Adobe AIR 3.6.0.6090 SDK & Compiler and earlier versions.
The final bulletin relates to Adobe’s Shockwave Player, fixing critically rated, highest priority vulnerabilities on both Windows and Mac machines. Successful exploitation of a buffer overflow and memory corruption vulnerability could give an attacker the ability to execute malicious code on affected systems. It also resolves a memory leakage problem that could be exploited to reduce the effectiveness of address space randomization.
- 2