January 07, 2013

Adobe preps ColdFusion update to deter active exploits

Adobe next week plans to patch its ColdFusion application server to close three vulnerabilities.

The company said in an advisory late Friday that attackers are actively exploiting the bugs, which could allow an adversary to take control of the targeted server, gain increased access or steal information. Two of the flaws, however, only impact those customers who lack password protection.

The hotfix, set to be issued Jan. 15, will update ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 running on Windows, Macintosh and Unix.

Meanwhile, Adobe on Tuesday expects to push out normally scheduled updates for its Reader and Acrobat software (versions 11.0 and earlier) to coincide with Microsoft's planned patches.

Adobe did not say how many vulnerabilities will be patched, but a spokeswoman said the company was not aware of any being exploited in the wild.

Related Articles
Related Topics

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.