ID: IRCNE2013051843
Date: 2013-05-15
According to "computerworld", Adobe released scheduled security updates for its Reader, Acrobat, Flash Player and ColdFusion products on Tuesday to fix many critical vulnerabilities, including one that is already actively exploited by attackers.
The Adobe Reader and Acrobat updates include fixes for 27 vulnerabilities, 24 of which could lead to arbitrary code execution if exploited successfully. One of the other flaws could allow attackers to bypass the sandbox protection in Adobe Reader, the company said in a security advisory.
Adobe advises Reader and Acrobat users to update their product installations to the newly released versions: Adobe Reader XI (11.0.03), Adobe Reader X (10.1.7) and Adobe Reader 9.5.5 for Windows and Mac; Adobe Reader 9.5.5 for Linux; Adobe Acrobat XI (11.0.03), Adobe Acrobat X (10.1.7) and Adobe Acrobat 9.5.5 for Windows and Mac.
The security updates released for Flash Player address a total of 13 vulnerabilities that could cause crashes and potentially allow attackers to take control of the affected systems.
Users of Flash Player for Windows and Macintosh should update to Flash Player 11.7.700.202, while users of Flash Player for Linux should update to Flash Player 11.2.202.285, Adobe said in a security advisory.
The Flash Player versions bundled with Google Chrome on Windows and Internet Explorer 10 will be automatically updated together with those browsers through their respective update mechanisms.
A security hotfix has also been released for versions 10, 9.0.2, 9.0.1, and 9.0 of Adobe's ColdFusion application server software. This hotfix address two flaws, a remote code execution one and one that could allow an unauthorized user to remotely retrieve files stored on a vulnerable server.
The company warned ColdFusion users about the second vulnerability, identified as CVE-2013-3336, last week after receiving reports of the flaw being actively exploited by attackers.
- 2