Adobe releases September Security Update

On September 11th, Adobe officially released the September security update, which fixes multiple vulnerabilities in its products, including Flash Player and ColdFusion.

Vulnerability Overview:

Adobe Flash Player

Adobe has released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update addresses a privilege elevation vulnerability (CVE-2018-15967) in Adobe Flash Player 30.0.0.154 and earlier. Successful exploitation of this vulnerability could result in information disclosure.

  • Affected version <= 30.0.0.154
  • Security version 0.0.108

Adobe ColdFusion

Adobe has released ColdFusion security updates for versions 2018, 2016 and 11. These updates address a critical vulnerability that could lead to arbitrary code execution.

  • Affected version:
    ColdFusion (2018 release): Released on July 12 (2018.0.0.310739)
    ColdFusion (2016 release): Update 6 and earlier
    ColdFusion 11: Update 14 and earlier
  • Security version:
    ColdFusion (2018 release): Update 1
    ColdFusion (2016 release): Update 7
    ColdFusion 11: Update 15
Vulnerability impact severity CVE number
Arbitrary code execution Critical CVE-2018-15965CVE-2018-15957

CVE-2018-15958

CVE-2018-15959

Information disclosure Moderate CVE-2018-15964
Any folder creation Important CVE-2018-15963
Information disclosure Important CVE-2018-15962
Arbitrary code execution Critical CVE-2018-15961
Arbitrary file coverage Critical CVE-2018-15960

Solution

Adobe has released a new version to fix the high vulnerability; users should upgrade in time to protect your system.

For details and operations, please refer to the official notification link for each product vulnerability section.