Adobe Fixes Flaws for Flash, Shockwave, ColdFusion
CREDIT: Adobe Systems Inc.
Multimedia software maker Adobe issued patches to fix flaws in several of its products yesterday (April 9), some of which left customers vulnerable to computer crashes and attacks from hackers and cybercriminals.
The first update was for Adobe Flash Player, which powers YouTube as well as thousands of ads. The patch fixes at least four flaws that cause crashes and have the potential to be used to infect victims via a drive-by-download technique.
The second is a patch with a critical rating for Adobe Shockwave, used by many Web-based games. The patch fixes memory corruption, leaks and buffer overflow problems. The flaws had the potential to be exploited by hackers in order to execute malicious code.
The third update addresses a vulnerability in the ColdFusion Web platform, used by financial and other data-heavy websites to project real-time information.
The ColdFusion flaw has the potential to be used remotely by an intruder to access a system's files. Adobe gave it a lower priority rating than this month's Flash and Shockwave bugs, leading the tech blog Threatpost to speculate that the ColdFusion bug was not being exploited in the wild.
Adobe also updated AIR, a cross-platform environment used by apps such as the Twitter client Tweetdeck.
Yesterday also saw Microsoft's release of several critical and important updates that affected Internet Explorer and Windows.
Late last year, Adobe and Microsoft agreed to sync up their updates in order to make the update process less arduous for systems administrators.