Adobe updates ColdFusion, JRun, Flex

Application vendor focuses on vulnerabilities in its Web application development tools.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. has released critical patches repairing eight flaws in versions 8.0.1 and earlier of ColdFusion, JRun 4.0 and Flex 3.3 SDK.

ColdFusion and JRun are web development applications that include application servers used to develop and test applications. Adobe said in the update issued Tuesday that attackers could exploit the ColdFusion and JRun vulnerabilities to steal sensitive data or take complete control of a victim's machine.

Adobe Systems patches:
How to manage patches for Adobe: If you're dealing with a continuous flow of patches, particularly from Adobe, application security expert Michael Cobb feels your pain.

Trusteer CEO criticizes Adobe, touts better patch deployments
: Despite critical Flash and Adobe Reader updates July 30, only a fraction of Adobe users have installed them, Trusteer says. Trusteer's CEO urges better patching mechanisms.

The most serious flaws are cross-site scripting (XSS) vulnerabilities, which allow attackers to execute malicious code on an underlying system by passing a malicious URL. The update repairs two XSS flaws in ColdFusion and two such flaws in JRun. The update to Flex also resolved an XSS vulnerability within the express-install templates for the Flex SDK. The fix was issued Wednesday.

Adobe said it is not currently aware of any exploits in the wild for the security vulnerabilities fixed in the applications.

Dig deeper on Security patch management and Windows Patch Tuesday news

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close