Adobe on Tuesday issued an update to its Shockwave Player to close 18 "critical" vulnerabilities that could be exploited by attackers to run malware on victims' machines, according to a security bulletin. In addition, the company also pushed out an update for ColdFusion, a web application development platform, to rectify three "important" vulnerabilities which could result in cross-site scripting and information disclosure, a second bulletin said. None of the flaws are being actively exploited, an Adobe spokeswoman said. — DK