Adobe issues security fixes for Flash Player and ColdFusion

Adobe released security updates for its Flash Player and ColdFusion products on Tuesday in order to address critical vulnerabilities that could give attackers control over the affected computers.

Adobe recommends that users upgrade to Flash Player 11.5.502.135 for Windows, Flash Player 11.5.502.136 for Mac OS, Flash Player 11.2.202.258 for Linux, Flash Player 11.1.115.34 for Android 4.x and Flash Player 11.1.111.29 for Android 3.x.

[ The Web browser is your portal to the world — and the gateway for security threats. InfoWorld’s expert contributors show you how to secure your Web browsers. Download the free PDF today! | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. ]

Google Chrome users and those using Internet Explorer 10 on Windows 8 will be automatically upgraded to the latest Flash Player version available for their respective operating system and browser.

The new Flash Player updates address three vulnerabilities that could crash the application and potentially allow attackers to execute arbitrary code and take control over the underlying systems, Adobe said in a security advisory published Tuesday.

Adobe AIR, a cross-platform runtime system for rich Internet applications, including Flash-based ones, has also been updated to incorporate the Flash Player fixes.

In a separate security advisory published Tuesday, Adobe announced the availability of a security hotfix for ColdFusion 10 and earlier.

The hotfix addresses a vulnerability that could allow attackers to break out of the ColdFusion sandbox in a shared hosting environment. The company published a technical article with instructions on how to deploy the available patches for ColdFusion 10, 9.0.2, 9.0.1 and 9.0.

Adobe is not aware of any exploits or attacks in the wild that target the vulnerabilities addressed in these updates, Wiebke Lips, Adobe’s senior manager of corporate communications, said via email.