Adobe on Tuesday released a patch for a vulnerability affecting versions of its ColdFusion Web application development platform. A company spokeswoman said the company still hasn’t set a date for an emergency patch for a critical and previously unknown hole in both the Adobe Reader and Adobe Acrobat applications, after promising to issue a fix this week. 

You only have to glance at the headlines to know that the state of computer application security is bad. But a new report from Veracode makes clear how bad: just 16 percent of almost 10,000 applications tested in the last six months received a passing security grade on their first attempt.

Adobe’s never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms.
The patches, rated critical, cover a total of 7 vulnerabilities, some of which “could lead to the potential compromise of user accounts or the affected system,” according to an advisory from Adobe.  They affect ColdFusion v8.0.1 and earlier versions, and JRun 4.0.  Read the full story []

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.