Adobe releases September Security Update
On September 11th, Adobe officially released the September security update, which fixes multiple vulnerabilities in its products, including Flash Player and ColdFusion.
Vulnerability Overview:
Adobe Flash Player
Adobe has released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update addresses a privilege elevation vulnerability (CVE-2018-15967) in Adobe Flash Player 30.0.0.154 and earlier. Successful exploitation of this vulnerability could result in information disclosure.
- Affected version <= 30.0.0.154
- Security version 0.0.108
Adobe ColdFusion
Adobe has released ColdFusion security updates for versions 2018, 2016 and 11. These updates address a critical vulnerability that could lead to arbitrary code execution.
- Affected version:
ColdFusion (2018 release): Released on July 12 (2018.0.0.310739)
ColdFusion (2016 release): Update 6 and earlier
ColdFusion 11: Update 14 and earlier
- Security version:
ColdFusion (2018 release): Update 1
ColdFusion (2016 release): Update 7
ColdFusion 11: Update 15
| Vulnerability impact | severity | CVE number |
| Arbitrary code execution | Critical | CVE-2018-15965CVE-2018-15957
CVE-2018-15958 CVE-2018-15959 |
| Information disclosure | Moderate | CVE-2018-15964 |
| Any folder creation | Important | CVE-2018-15963 |
| Information disclosure | Important | CVE-2018-15962 |
| Arbitrary code execution | Critical | CVE-2018-15961 |
| Arbitrary file coverage | Critical | CVE-2018-15960 |
Solution
Adobe has released a new version to fix the high vulnerability; users should upgrade in time to protect your system.
For details and operations, please refer to the official notification link for each product vulnerability section.
