Adobe preps ColdFusion update to deter active exploits

Share this article:

Adobe next week plans to patch its ColdFusion application server to close three vulnerabilities.

The company said in an advisory late Friday that attackers are actively exploiting the bugs, which could allow an adversary to take control of the targeted server, gain increased access or steal information. Two of the flaws, however, only impact those customers who lack password protection.

The hotfix, set to be issued Jan. 15, will update ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 running on Windows, Macintosh and Unix.

Meanwhile, Adobe on Tuesday expects to push out normally scheduled updates for its Reader and Acrobat software (versions 11.0 and earlier) to coincide with Microsoft's planned patches.

Adobe did not say how many vulnerabilities will be patched, but a spokeswoman said the company was not aware of any being exploited in the wild.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Skills in demand: Communications and messaging experts

Skills in demand: Communications and messaging experts

The demand for infosec-focused communications and messaging pros is growing.

Company news: New execs at Malwarebytes and an acquisition by VMware

The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.