Patch/Configuration Management, Vulnerability Management

Adobe Patch Tuesday includes ColdFusion updates

Adobe's April 2018 Patch Tuesday release addressed 14 security issues including six in Flash Player, 3 in Experience Manager, 2 in InDesign, 2 in Digital Editions, and 1 in the PhoneGap Push Plugin.

Updates were released for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS that addressed critical vulnerabilities in Adobe Flash Player 29.0.0.113 and earlier versions that could lead to arbitrary code execution if exploited.

Adobe also released updates for ColdFusion version 11 and the 2016 release that resolve an insecure library loading vulnerability with a severity level rated “important,” an “important” cross-site scripting vulnerability that could lead to code injection, and an “important” cross-site scripting vulnerability that could lead to information disclosure (CVE-2018-4941).

The patches also included a Critical Deserialization of Untrusted Data flaw that could lead to remote code execution and a critical Unsafe XML External Entity Processing flaw that could lead to Information Disclosure. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.