Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Adobe today issued three high-priority patches for its multimedia products, Flash player and media server, and ColdFusion.
The Flash updates it marked as "critical" while the other was "important", Adobe said.
The Flash player patch fixes a flaw that could have allowed an attacker to take control of an affected system. Adobe recommended that users of software before version 10.1.53.64 update to 10.1.82.76 while those using versions of Air before 2.0.2.12610 update to 2.0.3.
Although it was unaware of exploits for flaws in its Flash media server, Adobe said users of versions 3.0.5 and 3.5.3 should update to 3.0.6 and 3.5.4, respectively.
"One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system," Adobe wrote.
And it recommended users of ColdFusion 9.0.1 and earlier versions for Windows, OS X and Unix update to avoid a "directory traversal vulnerability [that] could lead to information disclosure".
Adobe next week will fix a flaw in its PDF reader software revealed at the Black Hat conference last month. The issuing of the patch "out-of-band" (outside its scheduled fixes) reflected the seriousness of the vulnerabilty.
It was caused by an integer overflow error in how the PDF viewer handles fonts. An attacker could corrupt memory using a PDF file to execute code.
Separately, Microsoft today issued 14 patches, eight 'critical', to cover 34 vulnerabilities - a record for the software company - covering its Windows, Office, Internet Explorer, Silverlight, XML Core Services and server message block products.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.