On Tuesday, Adobe provided updates for Flash Player and ColdFusion, and in doing so, gave four of nine Player flaws its highest priority ranking since they could result in attackers gaining control of vulnerable systems.
According to Adobe, users of Adobe Flash Player desktop runtime for Windows and Mac should immediately update to Adobe Flash Player 15.0.0.189 while Flash Player Extended Support Release users should update to version 13.0.0.250. Updates to the current version will be made automatically to Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer.
The company also offered up “hotfixes” for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 (all platforms) that address a security permissions flaw that an “unauthenticated local user” could exploit “to bypass IP address access control restrictions applied to the ColdFusion Administrator.” The patches also fix cross-site scripting and cross-site request forgery vulnerabilities.