News Stay informed about the latest enterprise technology news and product updates.

Adobe updates ColdFusion, JRun, Flex

Application vendor focuses on vulnerabilities in its Web application development tools.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. has released critical patches repairing eight flaws in versions 8.0.1 and earlier of ColdFusion, JRun 4.0 and Flex 3.3 SDK.

ColdFusion and JRun are web development applications that include application servers used to develop and test applications. Adobe said in the update issued Tuesday that attackers could exploit the ColdFusion and JRun vulnerabilities to steal sensitive data or take complete control of a victim's machine.

Adobe Systems patches:
How to manage patches for Adobe: If you're dealing with a continuous flow of patches, particularly from Adobe, application security expert Michael Cobb feels your pain.

Trusteer CEO criticizes Adobe, touts better patch deployments
: Despite critical Flash and Adobe Reader updates July 30, only a fraction of Adobe users have installed them, Trusteer says. Trusteer's CEO urges better patching mechanisms.

The most serious flaws are cross-site scripting (XSS) vulnerabilities, which allow attackers to execute malicious code on an underlying system by passing a malicious URL. The update repairs two XSS flaws in ColdFusion and two such flaws in JRun. The update to Flex also resolved an XSS vulnerability within the express-install templates for the Flex SDK. The fix was issued Wednesday.

Adobe said it is not currently aware of any exploits in the wild for the security vulnerabilities fixed in the applications.

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.