Adobe fixes critical vulnerabilities in Flash Player, AIR, Flash Media Server and ColdFusion
Adobe has released new versions of its Flash Player, AIR, Flash Media Server and a hot fix for ColdFusion.
Flash Player and AIR
Critical memory corruption vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier versions for Windows, Macintosh, Linux, and Solaris, and in Adobe AIR 18.104.22.16810 and earlier versions for Windows, Macintosh and Linux.
Flash Media Server
Critical DoS and JS method vulnerabilities have been identified in Flash Media Server 3.5.3 and earlier versions and Flash Media Server 3.0.5 and earlier versions for Windows and UNIX.
Adobe recommends to all users to upgrade to the newest 3.5.4 and 3.0.6 versions of Flash Media Server, respectively. They can be found here.
An important vulnerability has been identified in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure.
Adobe recommends affected ColdFusion customers update their installation using the instructions provided here.