Adobe Ships Fixes for Flash, ColdFusion and Shockwave in April Patch Release

Adobe published its monthly security bulletins today, pushing out updates that address issues in the company’s ColdFusion platform as well as its Flash and Shockwave Players.The first bulletin provides a hotfix for Adobe’s ColdFusion platform, resolving anonymously reported flaws that could allow attackers to impersonate authenticated users or gain unauthorized access to the ColdFusion administrator console in versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX.

Adobe took pains to defuse a dispute between the company and famed Google security researcher Tavis Ormandy, posting more information about the holes fixed with a patch for its Flash Player software. Adobe had claimed that 13 separate vulnerabilities were patched with the bulletin APSB11-21, while Ormandy said that patch addressed hundreds of holes. 

Adobe today released a patch to fix several serious security flaws in its Shockwave Player software.
The update, which is rated “critical,” addresses a total of five
documented vulnerabilities.  The most serious flaw could allow remote
code execution attacks against Windows and Mac users.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.