On September 11th, Adobe officially released the September security update, which fixes multiple vulnerabilities in its products, including Flash Player and ColdFusion.
Adobe Flash Player
Adobe has released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update addresses a privilege elevation vulnerability (CVE-2018-15967) in Adobe Flash Player 126.96.36.199 and earlier. Successful exploitation of this vulnerability could result in information disclosure.
- Affected version <= 188.8.131.52
- Security version 0.0.108
Adobe has released ColdFusion security updates for versions 2018, 2016 and 11. These updates address a critical vulnerability that could lead to arbitrary code execution.
- Affected version:
ColdFusion (2018 release): Released on July 12 (2018.0.0.310739)
ColdFusion (2016 release): Update 6 and earlier
ColdFusion 11: Update 14 and earlier
- Security version:
ColdFusion (2018 release): Update 1
ColdFusion (2016 release): Update 7
ColdFusion 11: Update 15
|Vulnerability impact||severity||CVE number|
|Arbitrary code execution||Critical||CVE-2018-15965CVE-2018-15957
|Any folder creation||Important||CVE-2018-15963|
|Arbitrary code execution||Critical||CVE-2018-15961|
|Arbitrary file coverage||Critical||CVE-2018-15960|
Adobe has released a new version to fix the high vulnerability; users should upgrade in time to protect your system.
For details and operations, please refer to the official notification link for each product vulnerability section.