September 11, 2018Swati Khandelwal
Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical that affected ColdFusion and could allow attackers to remotely execute arbitrary code on a vulnerable server.
What’s the good news this month for Adobe users?
This month Adobe Acrobat and Reader applications did not receive any patch update, while Adobe Flash Player has received an update for just a single privilege escalation vulnerability (CVE-2018-15967) rated as important.
ATTENTION: Click Here To Get Over $100,000 Money Transfer Through Bank Transfer Hackers!!!
ATTENTION: Get Your Hacked Western Union MTCN Transfer and Cash Out Over $2500 within minutes!!!
ATTENTION: Click Here For Your Blank/Cloned ATM Cards for ATM Cashout and Online Purchase!!!
Secondly, Adobe said none of the security vulnerabilities patched this
month were either publicly disclosed or found being actively exploited
in the wild.
Total 9 Security Patches for Adobe ColdFusion
Adobe has addressed a total of nine security vulnerabilities in its
ColdFusion web application development platform, six of which are
critical, two important and one moderate.
According to the advisory released by Adobe, ColdFusion contained four critical deserialization
of untrusted data vulnerabilities (CVE-2018-15965, CVE-2018-15957,
CVE-2018-15958, CVE-2018-15959) that could result in arbitrary code
execution.
Out of the remaining two critical vulnerabilities addressed in
ColdFusion, one is unrestricted file upload flaw (CVE-2018-15961) that
could lead to arbitrary code execution, and the other (CVE-2018-15960)
could enable arbitrary file overwrite.
The company has also released patches for two “important” security
vulnerabilities in ColdFusion–security bypass glitch (CVE-2018-15963)
that allows arbitrary folder creation, and directory listing flaw
(CVE-2018-15962) that could enable information disclosure–and a
moderate information disclosure bug (CVE-2018-15964).
The vulnerabilities impact 2016 (Update 6 and earlier versions) and the
July 12 (2018) release of ColdFusion, along with ColdFusion 11 (Update
14 and earlier versions).
Adobe recommends end users and administrators to update their
installations to ColdFusion 2018 Update 1, ColdFusion 2016 Update 7, and
ColdFusion 11 Update 15.
Adobe Also Patches An important Flaw In Flash Player
Besides ColdFusion, Adobe also released a security update for Flash Player for Windows, macOS, Linux, and Chrome OS, addressing an “important”
flaw in all for versions 30.0.0.154 and earlier for Google Chrome,
Desktop Runtime, Microsoft Edge and Internet Explorer 11.
The issue is a privilege escalation vulnerability (CVE-2018-15967) that
could lead to information disclosure. The company recommends Flash
Player users to update to version 31.0.0.208 as soon as possible.