Adobe joined the Patch Tuesday train today with the release of patches for at least 21 documented security vulnerabilities in the Shockwave and ColdFusion product lines.
According to the APSB10-12 security bulletin, 18 of the 21 flaws affected the Shockwave Player, a free software product that lets users view rich-media content on the web.
Here’s the skinny:
Critical vulnerabilities have been identified in Adobe Shockwave Player 184.108.40.2066 and earlier versions for Windows and Macintosh. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.
This bulletin is rated “critical” and Adobe recommends users of Adobe Shockwave Player 220.127.116.116 and earlier versions update to Adobe Shockwave Player 18.104.22.1689.
The second bulletin (APSB10-11) is rated “important” and fixes three flaws that could lead to cross-site scripting and information disclosure issues.
These vulnerabilities affect ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX.
Adobe said none of the fixes in this update involve zero-day issues or exploits in the wild.