Adobe Fixes Bugs in Flash, Shockwave and ColdFusion
Adobe released new security updates for Flash Player, ColdFusion and Shockwave a few days ago. The company last patched this software in April.
The vulnerabilities in Shockwave and Flash Player could allow malicious third parties to install and run malware on the system, while the ColdFusion bugs allow hackers to remotely cause a denial-of-service condition on a ColdFusion server, or to call a public method on ColdFusion Components using WebSockets.
Breaches in ColdFusion security caused a lot of leaks this year. One of the most notable incidents involved the Washington state court system. Cyber criminals managed to access that court system and steal the stored information. The lost data includes residents' driver's license numbers, Social Security numbers and other sensitive information. These events affected more than one million residents of Washington. The particular vulnerabilities exploited during these hacks were never revealed by the authorities.
ColdFusion 10 versions for Windows, Linux and Mac OS are all vulnerable, as are versions 9.0.2, 9.0.1 and 9.0 on JRun. Adobe said that the vulnerabilities in version 10 were the most significant of all, and gave them its highest criticality rating.
According to Adobe, users of ColdFusion 10 are not affected by the denial-of-service vulnerability, which affects the versions running on JRun. CVE-2013-3349 has been reserved for the JRun vulnerabilities, while CVE-2013-3350 has been reserved for the ColdFusion 10 flaws.
The Flash Player bulletin addresses three vulnerabilities affecting Adobe Flash Player 11.7.700.224 and previous versions for Windows, Adobe Flash Player 11.7.700.225 and previous versions for Macintosh, Adobe Flash Player 126.96.36.1991 and previous versions for Linux, Adobe Flash Player 188.8.131.52 and previous versions for Android 4.x, and Adobe Flash Player 184.108.40.206 and previous versions for Android 3.x and 2.x.
Adobe gave priority to the vulnerabilities on the Windows and Mac OS platforms. The company encouraged users to update their current versions to 11.8.800.94 or 11.7.700.232 for Windows and Macintosh respectively.
One vulnerability was also patched in Shockwave Player 220.127.116.11. It allowed hackers to remotely infiltrate a webpage with malware and then infect its visitors; CVE-2013-3348 was reserved for this bug.