Article

Adobe updates ColdFusion, JRun, Flex

SearchSecurity.com Staff

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. has released critical patches repairing eight flaws in versions 8.0.1 and earlier of ColdFusion, JRun 4.0 and Flex 3.3 SDK.

ColdFusion and JRun are web development applications that include application servers used to develop and test applications. Adobe said in the update issued Tuesday that attackers could exploit the ColdFusion and JRun vulnerabilities to steal sensitive data or take complete control of a victim's machine.

Adobe Systems patches:
How to manage patches for Adobe: If you're dealing with a continuous flow of patches, particularly from Adobe, application security expert Michael Cobb feels your pain.

Trusteer CEO criticizes Adobe, touts better patch deployments
: Despite critical Flash and Adobe Reader updates July 30, only a fraction of Adobe users have installed them, Trusteer says. Trusteer's CEO urges better patching mechanisms.

The most serious flaws are cross-site scripting (XSS) vulnerabilities, which allow attackers to execute malicious code on an underlying system by passing a malicious URL. The update repairs two XSS flaws in ColdFusion and two such flaws in JRun. The update to Flex also resolved an XSS vulnerability within the express-install templates for the Flex SDK. The fix was issued Wednesday.

Adobe said it is not currently aware of any exploits in the wild for the security vulnerabilities fixed in the applications.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: